South African subsidiary of Germany’s Hetzner Online, has advised customers that it has been a victim of a “data breach” which likely exposed all of their customers data. The data breach, according to Hetzner, was uncovered by their cyber security research team on October 5th 2018 when they apparently noticed an “unusual network activity.”
The ISP has said in their released statement that they have since fixed the vulnerability that exposed customer data and all other information related to the breach.
Hetzner said in an email to their customers –
“Online platforms around the world have been under severe attack this year. Even with our best efforts to stay one step ahead, we would like to inform you of a security incident involving your Hetzner account information.”
Data was exposed as a result of the activity, and Hetzner said the following information may have been accessed:
- Name and Email Addresses
- Phone numbers
- Home Address details
- Debit Orders
- Bank Account Details
- Identity numbers
- VAT number
Unexposed Data were also listed:
- Credit Card Information
- Passwords and User Login Credentials
- Website and Email Contents
The company added that despite clients not needing to take any action, they must be on the lookout for phishing scams.
“A comprehensive audit involving our security team and cyber security specialists is underway to ensure that our systems are secure.”
“We can reassure you that your data security remains our top priority and that we take swift and decisive action to address threats whenever they are identified.”
How can customers protect themselves going forward? Hetzner also released this statement –
“This had been completely on our side, and there is nothing that our clients would have been able to do on their side in this regard. We will always strive to be transparent in communicating incidents that affect our customers. Our intention is to be sincere in our communication with you. We would like to apologize if you feel that we haven’t fully succeeded in our intention with this incident.”
What’s thought-provoking is that Hetzner started their statement to customers in a manner that sounded like they were somehow shifting the blame and not taking full responsibility for the incident by saying that “online platforms around the world have been under severe attack this year.” Moreover, Hetzner has not been totally transparent with details of the “weakness” in their network and systems that led to the breach but insists that it was not their fault and that they did their best.