Martin Hendricks, Director of Information Technology at Cobham Financial Services, has been enrolled on a compulsory cybersecurity awareness course after his account was compromised by what IT security specialists have described as a fairly standard phishing attempt that wouldn’t have fooled a moderately attentive Year 9 student.

The breach occurred despite Mr Hendricks having received seventeen separate emails from his own security team over the past six months requesting that he reset his password, which an internal investigation has revealed was “Cobham123”. The investigation also noted that Mr Hendricks had used the same password for the company’s financial systems, his email account, and the executive washroom door code.

The incident came to light when Mr Hendricks clicked on a link in an email purporting to be from “LinkedIn Premium Urgent Account Verification Team”, thereby granting access to approximately 40,000 customer records and the contents of his inbox, which included three unread cybersecurity policy updates and a marked-urgent memo entitled “Why We All Need To Take Password Security Seriously”.

Sarah Chen, the Senior Information Security Analyst who sent sixteen of the seventeen ignored emails, will be delivering the mandatory training session. The nineteen-slide presentation, which she created eighteen months ago as part of a company-wide security initiative that Mr Hendricks approved but did not attend, covers such topics as “What Is a Password”, “Why ‘Password123’ Is Not a Good Password”, and “How to Recognise an Email That Might Not Be Legitimate”.

“We’re very much looking forward to having Martin join us for the full three-hour session,” Ms Chen said. “It’s the same course we’ve been running for junior staff members quarterly since 2022, though obviously we’ve updated slide fourteen to remove the example that used his actual password, which several people had noticed.”

The training, which Mr Hendricks will attend alongside two new receptionists and an intern from Marketing, also includes a practical component requiring attendees to create a secure password and write it down somewhere other than a Post-it note attached to their monitor.

Mr Hendricks released a statement through the company’s communications office noting that cybersecurity remains a top priority for the organisation and that he takes full responsibility for not having had time to read emails from what he believed was “probably just another automated system thing”.

James Okonkwo, Cobham’s Chief Executive Officer, praised the company’s robust security protocols whilst declining to comment on whether he had personally completed the same training. His assistant later clarified that Mr Okonkwo’s calendar was unfortunately full for the foreseeable future, though she did confirm that his password had recently been changed from “JamesOkonkwo1” to “JamesOkonkwo2”.

The compromised data has since been secured. Ms Chen has scheduled a follow-up session for next month, assuming Mr Hendricks does not classify it as optional senior leadership development.