As reported by the BBC and The Telegraph, police are currently investigating the breach, while Sage is probing the “unauthorised access” of data via an “internal” company computer login.
The Information Commissioner’s Office (ICO), the body responsible for the enforcement of the UK Data Protection Act, has been informed of the breach. Criminal prosecution or non-criminal enforcement at the hands of ICO are two possible punishments that could flow from a finding of possible negligence on behalf of Sage.
It is unclear at this stage whether the data was stolen from the company or merely viewed.
Sage has notified the businesses whose data may have been accessed and has advised them to look out for any unusual activity.
A Sage UK spokesperson told the BBC: "We are investigating unauthorised access to customer information using an internal login.
"We cannot comment further whilst we work with the authorities to investigate – but our customers remain our first priority and we are speaking directly with those affected."
AccountantsDaily has reached out to Sage Australia, but at the time of publishing no comment had been obtained.