Hosting company Leaseweb refuses to share information about cyber attack with AP – IT Pro – News

I think it’s a strange story and I think we’re missing a piece.
It reminds me of something I experienced myself. I have adjusted some details for readability and privacy.

One day we discovered that our network had been broken into. We hired a well-known security company and the first thing they did was call all managers to tell them that they were in charge of the investigation and that all information could only be shared with them. They would then judge what could be shared with others. That soon turned out to be nothing. All information was classified as “potentially sensitive” and we were especially not allowed to share anything with the police because they would not be able to handle it properly.

That clashed quite a bit with the internal culture because we wanted to share everything and that is why I am sure that we did not agree on this. After I indicated that I would share information, especially with the police, I was cut off from my own investigation. I called my boss and he didn’t understand it either, but he also didn’t want to take risks with things he didn’t understand and it wasn’t without reason that we had hired a specialist. Long story, after days of calling and consulting, it turned out that this company always advises to keep everything secret and not to share anything with the police, partners, colleagues or the press. They now saw the information they had collected from us as knowledge of their company, and they saw the simple fact that there had been a hack as bad publicity that should be kept secret.
That is not how it works in our sector, we are very fond of openness.

In the end I (my team) were proven right and we shared our information with the police and anyone who wanted it, but that took a lot of time at a time when we didn’t have that time. This involved a lot of finger-pointing in which the risks were placed on the other side and a lot of people seemed not to want to get burned. Perhaps there have been victims elsewhere in the world that could have been prevented with our information.

To be clear, the hack was not very exciting, every large network with many mobile devices regularly receives malware and botnets and occasionally something will slip past your virus scanner. However, the security company acted as if the atomic secrets had been leaked. Of course, such a security company is better than not being a bit too strict, but it felt quite aggressive.

I tell this whole anecdote because I think it’s such a crazy story that I suspect the AP must have had a good reason for going to NorthWave. For example, because she discovered that LeaseWeb no longer had the information itself and/or had no control over it and they became stuck between two companies that refer to each other as responsible.

(Pure speculation, I have no idea what’s going on, but I do know it’s not normal).