The Insured, who provides a peer-to-peer platform which allows individuals to lend money, discovered that the email account of an employee of the Insured’s finance team was compromised through a suspected phishing attack. The attack led to phishing emails being sent on the same date from the employee’s email account to around 200 recipients in an attempt to collect email credentials. An investigation determined that the email account compromised contained names, customer reference numbers, bank account details and customer documents for over 15,000 customers, including 30 lending customers. As a result of the incident, forensic, notification and credit monitoring vendors were appointed to deal with the breach effectively. The Insured subsequently received 12 customer complaints as a result of the notification process. The matter was also reported to the ICO and FCA who both opened enquiries.