Loopia confirmed the data breach yesterday, the incident has happened on August 22 and the company notified customers on August 25.
The company explained that the delay in the public disclosure was necessary to secure the systems and protect its customers.
“Security is very important to Loopia and something we work intensively with every day. On Tuesday, 22 August, Loopia was subjected to a criminal offense. With the attack, the hackers have had access to parts of the customer database, including personal and contact information and encrypted (hashade) passwords to Loopia Kundzon.” reads the announcement.
“The violation has not affected your services such as email, web pages, databases or passwords to your email at Loopia. We also want to emphasize that payment card information is not saved in Loopia’s environment and is thus not affected by the infringement.“
In response to the data breach, the company is forcing a password reset and is urging customers to update their personal information. Loopia clarified that stolen passwords were encrypted, but did not reveal the hashing algorithm.
“Although passwords to Loopia’s Customer Zone are stored encrypted (hashade), we have, as an additional security measure, changed all customer numbers and passwords to all customer accounts. Information has been sent to all customers by e-mail.” continues the announcement.
Hackers did not access financial data, according to Loopia customers’ hosted sites and e-mail services weren’t compromised.
“We were not sure how the attackers had gone, and needed a clearer picture of it before we went out with information. Now all customers have been informed. As an additional security measure, we have changed all customer numbers and passwords to all customer accounts”. CEO Jimmie Eriksson told Swedish outlet NyTeknik.
“We will evaluate whether we could have done otherwise. We then made great efforts in a short period of time. We take the intrusion seriously, but no system is safe to 100 percent”
At the time there is no information on the way hackers breached the company systems, an internal investigation is under way.
“An internal investigation is under way. In parallel, we will continue to review our systems. We have already implemented a number of measures to increase security, and more efforts may be made if the investigation shows more weaknesses in the system.” said CEO Jimmie Eriksson.
(Security Affairs – cybercrime, Data Breach)