Statement - Where are we now (September 2)

This has been a challenging week. As a small business ourselves, we deeply empathize with our clients during this stressful time and our team is working diligently with our clients to restore their websites and emails. We are and will continue to be there for our clients.

Our investigation to date has determined that on the morning of August 28 an individual with a third-party service provider used their privileged account access to connect to one of our datacenter’s management portals. Without authorization the individual initiated actions that resulted in data loss on part of our backup and production servers.

Within hours our incident response team had identified the issue and disabled access to the source account preventing any further damage and secured the environment. Our response plan immediately kicked into action, but data was already impacted.

We have assembled a taskforce team, including internal and external experts, that has been working around the clock to recover the maximum amount of data and to assist clients’ business operations. Time is of the essence, and we are keenly aware of that. While our focus has been on addressing the data disruption, we are committed to frequent communication with our clients.

To date, our team’s actions have successfully recovered over 60% of impacted client accounts. Additionally, many clients rapidly restored service using their existing local backups in conjunction with our support team, reinforcing the importance of local backups. Our taskforce is actively working with data recovery experts to help system-level storage recovery with remaining accounts.

We have identified the individual and confirmed this was not a ransomware attack and there is no indication that data of any kind was ever downloaded, exported, shared, or exposed. The authorities have been notified and an investigation is ongoing.

We will continue working hard and will provide timely updates.

Sincerely,

Emil Falcon
CEO at Web Hosting Canada