The Channel logo


By | John Leyden 11th January 2016 14:41

Data centre outfit Interxion admits to contact detail security breach

Chill, the ‘vulnerability' has been fixed, people informed

A security breach at European data centre firm Interxion has exposed the contact details of thousands of its customers, although no financial information is thought to be involved.

Neither credit card details nor customer services were affected by last month’s security snafu, and only Interxion’s CRM system was affected, as the carrier-neutral colocation provider explained in and email to customers last weekend (extract given below):

Despite the multiple levels of protection in place, in December Interxion became aware that it had suffered a breach in our IT security.

The result of this was a temporary and localised compromise of the credentials to our CRM system, which resulted in the unauthorised access to some customer and prospect contact details.

The business contact information that was accessed consisted of names, job titles, and (business) contact details such as (business) email addresses and phone numbers.

No financial or other sensitive customer data was accessed, or is stored within this system. We emphasise that this incident only affected Interxion’s CRM system and did not impact or involve any of the data centres or services that Interxion provides.

No actions are required by you or any of our other customers and prospects regarding this incident.

El Reg learned of the breach from one of the customers who received the email, who has asked to remain anonymous. The main impact of the breach is in leaving business customers of the ISP exposed to greater risk from more convincing phishing scams, or other social engineering attacks, which might now feature genuine name, email and phone addresses.

A total of 23,200 customer records held on Interxion’s CRM have potentially been exposed by what the firm characterises as a vulnerability rather than a configuration error.

An Interxion spokesman told El Reg that the “vulnerability has been fixed and we have informed, where relevant, the appropriate authorities”.

“The incident did not impact or involve any of the data centres or services that Interxion provides,” he added. “The data compromised was that of our CRM system. The fields exposed were names, job titles, and contact details ... and no other contact information was compromised.” ®

comment icon Read 4 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe