Aruba waited months to notify customers regarding a recent data breach

Italian web hosting firm waited ten weeks to inform customers of the breach

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The Italianweb hostingcompanyArubaadmitted that it recently fell victim to a data breach after its customers complained online that it had waited too long to notify them regarding the situation.

AsreportedbyThe Daily Swig, the company informed its customers in a message sent out last week that it had fallen victim to adata breachback in mid-April which exposed their personal data including full names, tax codes, physical addresses, telephone numbers, emails and encrypted hashes of customer portal passwords.

At that time, Aruba reset customer passwords though it waited around ten weeks until after its investigation into the matter was complete to send out adata breach notificationto those affected.

Better late than never

In a statement toThe Daily Swig, an Aruba spokesperson explained that its cybersecurity detection systems discovered anomalous activity that was found to be unauthorized access back in April.

The company’s incident response team then blocked the intruder’s access to its systems while it investigated further. As a result of the investigation, Aruba learned that a vulnerability in a third-partyCMSwas exploited by the attacker to gain access. From here the company informed the authorities and the Personal Data Protection Authority.

During the last two months, Aruba has been working closely with the authorities and cybersecurity experts “to investigate the depth and potential repercussions of the attempted access to or misuse” of its data. Following the completion of its investigation, the company notified customers that a breach had occurred while providing advice and support.

Some of Aruba’s customers though took issue with the fact that the company waited as long as it did to inform them of the data breach. To Aruba’s credit though, it didreset customer passwordsimmediately after discovering the breach.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

At this time, we still don’t know how many customers were affected and Aruba has said that the attackers responsible have not yet reached out to the company.

ViaThe Daily Swig

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

The EU AI Act: What do CISOs need to know to strengthen AI security?