‘Catenaccio’ defenses breached by CMS hack
Italian web hosting firm Aruba.it has admitted a recent data breach amid complaints from some customers that it was slow in notifying them about a problem.
In an Italian-language message to customers sent out last week – a copy of which has been obtained by The Daily Swig – the hosting firm said that a breach dating back to April 23 had exposed customer billing and personal data including names and surnames, tax codes, physical addresses, telephone numbers, and email addresses, as well as encrypted hashes of customer portal passwords.
Aruba.it reset passwords when it detected the breach, but only notified customers that its systems had been breached some 10 weeks later, and only after it had finished an investigation into the problem.
In response to our queries about the security incident, Aruba.it offered a statement confirming the problem but downplaying its significance:
Aruba’s cybersecurity detection systems picked up and alerted us to anomalous activity which, upon investigation, was found to be unauthorised access. This action was immediately blocked by our incident response team. The team then carried out further analysis of the security incident, during which the ‘way in’ was identified as a vulnerability in third-party CMS software used to manage the content of product and service user guides for customers.
Aruba immediately informed the authorities and the Personal Data Protection Authority once this issue was discovered. Over the last two months, we have worked closely with these authorities and cybersecurity specialists to investigate the depth and potential repercussions of the attempted access to or misuse of our data. When the investigation was concluded, Aruba notified customers and provided advice and support.
The investigation has not yielded any evidence of data being compromised or taken from our systems. Aruba has not received any contact request from any cyber-attackers, neither for extortion nor any other purpose.
Some customers who apparently received the notification email took to Twitter to express their dissatisfaction at not being notified earlier.
The Daily Swig invited Aruba.it to respond to these criticisms but we’re yet to get a response. We’ll update this story as and when more information – such as the number of customers potentially affected by the breach – comes to hand.