Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Italian hosting firm Aruba.it defends data breach notification delay

Italian web hosting firm Aruba.it has admitted a recent data breach amid complaints from some customers that it was slow in notifying them about a problem.

In an Italian-language message to customers sent out last week – a copy of which has ben obtained by The Daily Swig – the hosting firm said that a breach dating back to April 23 had exposed customer billing and personal data including names and surnames, tax codes, physical addresses, telephone numbers, and email addresses, as well as encrypted hashes of customer portal passwords.

Aruba.it reset passwords at the time of detecting a breach but only notified customers that its systems had suffered a breach some 10 weeks later, and only after it had finished an investigation into the problem.

In response to our queries about the security incident, Aruba.it offered a statement confirming the problem but downplaying its significance:

Aruba’s cybersecurity detection systems picked up and alerted us to anomalous activity which, upon investigation, was found to be unauthorised access. This action was immediately blocked by our incident response team. The team then carried out further analysis of the security incident, during which the ‘way in’ was identified as a vulnerability in third-party CMS software used to manage the content of product and service user guides for customers.

Aruba immediately informed the authorities and the Personal Data Protection Authority once this issue was discovered. Over the last two months, we have worked closely with these authorities and cybersecurity specialists to investigate the depth and potential repercussions of the attempted access to or misuse of our data. When the investigation was concluded, Aruba notified customers and provided advice and support.

The investigation has not yielded any evidence of data being compromised or taken from our systems. Aruba has not received any contact request from any cyber-attackers, neither for extortion nor any other purpose.

Some customers who apparently received the notification email took to Twitter to express their dissatisfaction at not being notified earlier.

The Daily Swig invited Aruba.it to respond to these criticisms but we’re yet to get a response. We’ll update this story as and when more information – such as the number of customers potentially affected by the breach – comes to hand.

Source: https://portswigger.net/daily-swig/italian-hosting-firm-aruba-it-defends-data-breach-notification-delay

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO