Company says its security systems were not up to scratch and apologises after disabling 2 million email accounts
Dutch telecoms firm KPN has become the latest big name to fall victim to hackers after it confirmed a breach and apologised to affected customers.
However, there is confusion about whether data posted online, claimed by the hackers to be personal information of more than 500 KPN customers, was in fact taken from the telecoms company.
Following the January hack, personal details of 537 people were posted online. It was claimed by the hackers that the people were KPN customers. According to reports, however, the details were actually from customers of online baby products retailer Baby-Dump.
That company has confirmed that it has suffered a breach and has suggested that all customers should change their password.
Although the data was not from KPN, the telecoms company has confirmed that its systems were breached, and issued a strongly-worded mea culpa. The company was forced to disable email access for two million customers for two days while it investigated the breach. It also admitted that its security systems were not up to scratch.
It ran a series of adverts in the Dutch media. "For you and two million other KPN clients it was very difficult and unwelcome. For this we would like to apologise," the adverts read. "We would like to apologise two million times."
According to Reuters, KPN’s Dutch boss Joost Farwerck added: "We will shortly implement a number of changes in the management of our IT organisation to increase quality and effectiveness. The last few weeks have unmistakably shown the necessity for this."
These steps include improving server security, data protection and the process by which it notifies authorities of any breaches. Opta, the Dutch telecommunications regulator, has confirmed it is investigating the incident.
Garry Sidaway, Global Security Strategy, Integralis, said this is another example of how many companies are failing to keep their primary systems secure.
"This is another indicator that whilst the headlines say ‘cyber-attack’ hinting at organised criminal, and sometimes government, activity – the reality is that organisations are still struggling to cope with the ‘day’ job of keeping systems secure, up-to-date and ensuring that key resources aren’t stretched to the limit," he said.
"Take a look at last year’s attacks – the pattern isn’t necessarily complex and sophisticated. The exploitation of vulnerabilities are often months old or well documented," he added. "Organisations have a huge task to keep their systems secure and make every effort to balance the risks. This is where expertise and resources have to be focused – expertise that can identify the risks and allocate the correct resources to secure the critical systems."