How one bad password destroyed a 158-year-old company and left 700 people out of work

One company's 158-year-long history was completely wiped out as the consequence of a single bad password, leaving over 700 employees without a job following a devastating cyber attack.

Cyber experts always go on about how important it is to keep your password safe, as it's not just a case of storing it with care but also making it as difficult as possible for potential hackers to work out.

One ethical hacker has claimed that the only way you should store your log in details is with a pen and paper, and Microsoft is even removing support for password storage, claiming that they simply aren't secure enough any more.

One recent case study that shows this in clear detail is the tragic situation that Northamptonshire transport company KNP found itself in, as one employees password led to the ruination of the business.

How did one password destroy the company?

As reported by the BBC, KNP is one of tens of thousands of companies across the United Kingdom alone that have been hit by cyberattacks, only this particular event had catastrophic consequences.

KNP was the parent company of Knights of Old, but a single ransomware attack has eradicated the business (Mike Kemp/In Pictures via Getty Images)

Cyber criminals managed to access the company's computer systems but guessing the password of a single employee, allowing them to encrypt and lock away the data, putting it up for random.

KNP outlines that it had complied with IT industry standards and had insurance against cyber attacks, but a single password - likely long long enough and containing easy-to-guess information - made it so that staff couldn't access a single thing.

Paul Abbot, director of KNP, revealed that he informed the employee whose password was compromised by hackers, indicating: "Would you want to know if it was you?"

What did the hackers demand to return the data?

The ransom letter sent by the group of hackers known as 'Akira' outlined: "If you're reading this it means the internal infrastructure of your company is fully or partially dead... Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue."

The note itself didn't contain any specific figures, although one expert in ransomware attacks estimated that they'd be looking at around £5,000,000 ($6,735,231) to return the data - a figure which KNP simply didn't have.

The hackers would have likely required over £5 million to hand back KNP's data (Getty Stock)

As a result, the company couldn't resume operations and had to go under, leaving over 700 people out of work as the data remains lost forever.

Industry research suggests that the figure KNP would have had to pay is around the average offered to victims of ransomware attacks, and around a third of these affected companies end up paying up to retrieve the stolen information.

It goes to show quite how much power a single password can hold though, and serves as another reminder as to why having complex log in details, with added authentication processes, is so vitally important - even if it makes logging in every day a little bit harder.