Breached (Part 1)

Written By Noel Bradford

The Call that changed everything

This account is based on a real-world case. Names, locations, and identifying details have been changed or obscured to protect those involved and, frankly, to save a few blushes.

The phone rang at 11:27 a.m.

It wasn’t the work mobile. It wasn’t the landline. It was her personal phone—the one that mostly lived in her coat pocket or sat charging on the kitchen counter. The one that hadn’t rung for anything serious in months.

Katie Roberts stared at it, confused by the unfamiliar number. London dialling code. No name. No message. Just the shrill, slightly-too-loud ring of something uninvited.

She answered on the third ring. Not because she had to, but because something in her gut said she should.

“Katie Roberts?”

The voice was calm. Male. British. Authoritative, but not performative. There was no upsell coming. No polite opening dance.

“This is Detective Inspector Langford from the National Crime Agency. I need to inform you that we have credible evidence suggesting your business may have been compromised.”

The words didn’t register at first. Her brain stalled, caught between disbelief and confusion.

She looked around her office, half-expecting something to be visibly wrong. But everything was in place. Her coffee was still warm. The post-it notes on her monitor still reminded her to chase invoices. Nothing looked like a crime scene.

Langford continued, his voice steady, as if he’d said this before. Perhaps dozens of times.

“We are not at liberty to disclose full details at this stage, but we advise you to assume breach and begin internal investigation and containment protocols immediately. Do you have a cyber incident response plan in place?”

She nearly laughed. It caught in her throat.

A plan?

She’d run the business for thirty years. She’d navigated recessions, Brexit, COVID, and HMRC audits that had lasted longer than some of her junior staff's careers. But this? This was not in any of the business books.

She had a daughter who was good with computers and a part-time admin who could reboot the router. Her MSP—Harwood IT Solutions—was neither inspiring nor proactive. They were dependable in the way a dripping tap might be: constant, slightly irritating, and occasionally useful when you were desperate.

No, she didn’t have a cyber incident response plan. What she had was a spreadsheet with everyone’s birthdays, an IT contract she barely read, and a growing sense that something terrible had already begun.

Langford paused, as though letting the weight of the situation land.

Katie steadied herself.

“How do I know you are who you say you are?”

“No problem,” Langford said. “You can verify me using the NCA challenge process. Go to nationalcrimeagency.gov.uk/verify and enter badge ID 614253.”

She opened her browser. Her fingers didn’t feel like hers. The badge ID matched. He was real. The call was real.

She swallowed. “All right… how do you know it’s us?”

Langford didn’t miss a beat.

“We are monitoring a network linked to a known cybercrime group. Your organisation’s data has been observed in outbound communications from that network.”

Observed.

Not suspected. Not maybe. Observed.

Langford told her to contact her IT provider and await a call from a regional cyber liaison. He advised her to avoid informing unnecessary staff until more was understood. Discretion. Not panic. Urgency without alarm.

And then the call was over.

Katie didn’t move for a long time. The hum of the lights above seemed louder. The soft burble of the coffee machine in the hallway was suddenly distracting.

She stood slowly, walked to the window of her ground-floor office, and stared out at the car park. A white van reversed awkwardly into a space. The courier climbed out and stretched. Life continued.

But inside her small but well-run business, spread across four locations, employing thirty people, and serving hundreds of loyal clients,something had shifted.

Not in a way you could see. Not yet.

But like a tiny crack in a windscreen, spidering outward under pressure, the fracture had begun.

Noel Bradford

Noel Bradford – Head of Technology at Equate Group, Professional Bullshit Detector, and Full-Time IT Cynic

As Head of Technology at Equate Group, my job description is technically “keeping the lights on,” but in reality, it’s more like “stopping people from setting their own house on fire.” With over 40 years in tech, I’ve seen every IT horror story imaginable—most of them self-inflicted by people who think cybersecurity is just installing antivirus and praying to Saint Norton.

I specialise in cybersecurity for UK businesses, which usually means explaining the difference between ‘MFA’ and ‘WTF’ to directors who still write their passwords on Post-it notes. On Tuesdays, I also help further education colleges navigate Cyber Essentials certification, a process so unnecessarily painful it makes root canal surgery look fun.

My natural habitat? Server rooms held together with zip ties and misplaced optimism, where every cable run is a “temporary fix” from 2012. My mortal enemies? Unmanaged switches, backups that only exist in someone’s imagination, and users who think clicking “Enable Macros” is just fine because it makes the spreadsheet work.

I’m blunt, sarcastic, and genuinely allergic to bullshit. If you want gentle hand-holding and reassuring corporate waffle, you’re in the wrong place. If you want someone who’ll fix your IT, tell you exactly why it broke, and throw in some unsolicited life advice, I’m your man.

Technology isn’t hard. People make it hard. And they make me drink.

https://noelbradford.com
Previous

The SMS Scam: Why Your 2FA Strategy is an Open Goal for Hackers
Next

Co-op’s Data Breach: Another Day, Another Cyberattack in UK Retail