Executive summary – Data Breach
On August 19, 2024, data from SMS Teknik was accidentally exposed on the internet during a routine exercise to restore a copy of the production database. The exposure lasted 19 minutes. Attackers who gained access to the system during that time deleted the copy and left a ransom note.
SMS Teknik shut down the exposed computer as soon as the intrusion was discovered. The incident has been reported to the Swedish Authority for Privacy Protection (IMY) and the Police, and our customers have been informed. A forensic investigation, in collaboration with an external party, has been conducted.
The investigation shows that the 19 minutes the attackers had access to the system were not sufficient to download all the data. Only a limited amount of data was taken with the intent of carrying out a ransom campaign.
Since the incident, SMS Teknik has implemented extensive security measures to minimize the risk of future data breaches. We deeply regret the concern and inconvenience this incident may have caused our customers. We also want to thank you for the support we have received during this time.
Frequently asked questions
Can the attackers log in to our customers’ accounts and send SMS messages?
User IDs and passwords are encrypted, and according to the forensic report, fewer than 100 out of 11,000 accounts were accessed. Most of our customers have now changed their passwords, which prevents the attackers from sending SMS from customers’ accounts. Additionally, our customers’ messages are protected by our Spam-alert system, which blocks SMS that deviate from their usual patterns.
Have SMS messages containing sensitive personal data been stolen?
According to our forensic report, only a small number of SMS messages, fewer than 100 out of a total of 70 million, were exposed. Our customers typically do not send sensitive personal information by SMS; where such information is involved, the purpose of the SMS message is to prompt someone to log in to the customer’s portal.