Nmedia - Fotolia
Interxion has suffered a data breach after hackers infiltrated the datacentre operator’s CRM systems and accessed contact details of existing and prospective clients.
The company notified users of the breach in an email, published by IT security analyst Graham Cluley on his blog. It reportedly took place some time in December.
The missive confirms that the names, job titles and business contact details of an unspecified number of Interxion customers and prospects were accessed during the incident.
According to Interxion’s website, the company’s services are used by more than 1,500 customers in 11 countries and are delivered via 40 datacentres.
“Upon learning of this incident, Interxion collaborated with our CRM supplier and has worked closely with our security team to ensure that all CRM information is secure,” the customer email says.
“Measures have been taken to address this specific vulnerability. We have also informed the authorities in all the appropriate jurisdictions.”
In a follow-up statement to Computer Weekly, the European colocation provider assured customers that no sensitive data was compromised through the incident.
“Despite multiple levels of protection in place, Interxion has suffered a breach in our IT security,” the statement read. “The result of this was the temporary and localised compromise of the credentials to a CRM system, which resulted in unauthorised access to a limited amount of customer and prospect contact details.
Read more about datacentres and security
- RSA Group has confirmed that the theft of a storage device from one of its datacentres is likely to have contained information belonging to a “small number” of Lloyds Bank home insurance customers.
- Datacentre operators are putting the integrity of their facilities at risk by prioritising the physical security of their sites over safeguarding them from cyber attacks.
“No financial or other sensitive customer data is stored within the CRM system, and no data that was accessed is available in the public domain.”
While that may be so, the fact that contact details were accessed during the breach could put Interxion clients and prospects at increased risk of phishing attacks, Cluley warns in a blog post.
“Although it’s fortunate that further sensitive information was not stolen, there still remains the possibility that online criminals could use the information to contact Interxion’s business contacts and [carry out] carefully-crafted phishing campaigns and other attacks,” Cluley said.
“If you do business with Interxion, be wary of any unusual communications you receive, and contact the company if you are in any way uncertain whether a communication from the firm is legitimate or not.”