An Italian hosting provider took an unusually long time to notify its customers about a recent security breach

Jul 20, 2021 17:13 GMT  ·  By

Following an online complaint from its customers who claimed that the company had taken too long to notify them of the breach, the Italian web hosting company Aruba confirmed that it had experienced a data breach, according to The Daily Swig

In a notice issued last week, the company warned its customers that they had been victims of an information breach in mid-April that exposed their personal information, including phone numbers, emails, full names, tax numbers, physical addresses, and encrypted customer portal password hashes.

It took approximately ten weeks for people who were affected to receive information about the data breach once the investigation was completed. At the time, Aruba updated its customers' passwords.

An Aruba spokesman revealed in a statement that its cybersecurity detection systems had uncovered unusual activity that had been proven to lead to unauthorized access in April. The intruders were prevented from accessing the company's systems by the incident response team until a further investigation was carried out.

Hackers did not compromise Aruba's software, but rather a third-party CMS 

The investigation revealed that the attacker had gained access to the network by exploiting a weakness in a third-party content management system (CMS). The company has notified authorities, including the Office for the Protection of Personal Data.

Immediately following the occurrence of the security incident, Aruba has collaborated with authorities and cybersecurity experts to determine the scope and potential ramifications of the attempted access to or misuse of its data. After conducting an investigation, the company informed its consumers that a breach had happened, while also providing them with information and assistance.

Several of Aruba's customers, on the other hand, expressed dissatisfaction with the company's approach in notifying them of the data breach. Customers' passwords were reset as soon as the company was made aware of the breach, however. It is not yet known how many customers were affected, and Aruba has stated that the perpetrators have not yet contacted the organization.