Sensitive client data in the hands of global web services firm, Hetzner, may have been compromised in the latest attack discovered last week. This data includes names and email addresses of Hetzner client, phone numbers, address details, debit order bank account details, identity numbers and VAT numbers.
This was revealed in an email message sent by Hetzner to clients today. The message said read thus:
Security incident – here’s what you need to know
Online platforms around the world have been under severe attack this year. Even with our best efforts to stay one step ahead, we would like to inform you of a security incident involving your Hetzner account information. You do not need to take any action – we have the situation under control.
What you need to know:
Over the past year, we have significantly increased our measures to harden our systems against possible attack. This includes regular penetration testing and a comprehensive audit by independent cyber security specialists, with a dedicated team always working to strengthen our systems and the security of your data.
On Friday, 5 October, our technical team uncovered suspicious activity on our database. We acted swiftly, working around the clock, to patch the vulnerability from further coordinated attacks.
Data that may have been exposed:
- Name and email address
- Phone number(s)
- Address details
- Debit Order bank account details such as your bank account number. This information is readily available and often provided for invoice purposes.
- Identity number
- VAT number
Data that was NOT exposed:
- Credit card details – this information is not stored on any of our systems
- Passwords and login credentials
- Website and email content
What you should do:
There is no action to be taken on your side. However as always, we do recommend that you remain extremely vigilant to phishing scams.
A comprehensive audit involving our security team and cyber security specialists is underway to ensure that our systems are secure.
We can reassure you that your data security remains our top priority and that we take swift and decisive action to address threats whenever they are identified.