With an email to all its customers Aruba , the famous hosting service and not only (very popular recently also for its PEC service), has made it known that it has undergone a cyber attack last April 23. The attack concerned some management systems of the company and not the production systems (therefore the servers with the websites to be understood) and that is why there was no block in access.
Aruba says it has
immediately implemented a series of internal and external measures including informing the Police and the Guarantor for the Protection of Personal Data. At the conclusion of all our analyzes, we felt it was our duty to inform you of the incident even if no action was required on your part.
But what are the data then put at risk? Although no data has been altered or deleted , from the Aruba email it is clear that the data to which the criminals have had access are:
billing data (name and surname, social security number, address, city, postcode, province, telephone, email address, PEC address) and the authentication data to the customer area, such as login and password, the latter protected by strong encryption, and however readily disabled, therefore in any case unusable.
The payment data (e.g. credit cards), nor the customer services (e.g. hosting, cloud, email, PEC …) and all the data contained therein were not affected in any way.
After a request for clarification, we discovered that only those who received a specific communication of the password change could have been involved in the exposure of the data. The e-mail notifying these events was instead sent to all Aruba users.
only if you have received a specific communication from us, the data referable to you were potentially affected by the event.
Although the data exposed are not the most sensitive ones (such as credit cards, unencrypted passwords or hosting contents), Aruba itself advises users to pay attention to potential e-mails or SMS of phishing . The billing information could in fact be exploited by criminals to pretend to be the Aruba assistance service (or other) companies, and then carry out other malicious actions.
Aruba also made it known that the historical period is favorable to an increase in cyber attacks, but that the company is always attentive to security:
We attach great importance to IT security and make huge investments in technology, tools and organization, but in this circumstance we have not been able to prevent the event. Unfortunately, this is a very special period, in which cyber attacks, increasingly sophisticated, are on the rise and are hitting companies and public and private organizations of all levels globally.
