A 32-year-old woman has been arrested and bailed in connection with the data breach at accountancy software firm Sage.
City of London Police confirmed that the woman was arrested at Heathrow Airport on "suspicion of conspiracy to defraud" and is a current employee of the company.
The arrest comes two days after Sage admitted to a data breach when "unauthorised access" was gained by someone using an internal company log-in.
Sage said that the personal information of employees at 280 organisations in the UK were compromised as a result of the attack.
"We believe there has been some unauthorised access using an internal log-in to the data of a small number of our UK customers, so we are working closely with the authorities to investigate the situation," Sage said in a statement released over the weekend.
The company has informed the Information Commissioner's Office and the City of London Police.
Sage did not reveal any further information about the breach, whether or how the data was obtained, how many people might be affected, the information that may have been compromised or even the services that were cracked.
The statement also raises questions about the security and monitoring of the company's authentication mechanisms. Sage did not say whether the breach was performed by a current or former employee, or whether the log-in credentials were compromised in some way.
Sage has around six million SMB customers around the world, and the unauthorised access of 280 customer accounts therefore represents only a small proportion of its total customer base. The company claimed that only UK-based customers were affected.
Thomas Fischer, threat researcher and global security advocate at Digital Guardian, laid the blame squarely at Sage's door, suggesting that the company's security was inadequate.
"It appears that the Sage breach came from an insider. Insider threats are almost always preventable if the right people-management processes and tools are in place," he said.
"This is the case even if the employee is a so-called reluctant insider, meaning that, for example, an external party has compromised their account.
"Sage also claims that it's currently unsure how the data was compromised. Again, with the proper investments in IT security this should be easily controllable and identifiable in a very short period of time."
The admission of a security breach at Sage comes after a week of revelations from retail systems vendors that appear to have been targeted by a gang of Russian hackers.
Oracle revealed last week that a serious breach at its MICROS subsidiary led to the firm having to remove malicious code from legacy retail systems software.
It emerged later in the week that five other retail systems vendors had also been attacked, although none of them admitted to a breach of the same severity as at Oracle.
V3 has sent a series of probing questions to Sage this morning and will update this story as soon as the company responds.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago