Statement - Where are we now (September 2)

Statement - Where are we now (September 2)

Share this article
UPDATE: As of September 10, the situation has improved and we're happy to report that we have successfully recovered all available courtesy backups, with most remaining impacted accounts already restored. Consult our post-incident guide or contact support if you continue to experience issues.

This has been a challenging week. As a small business ourselves, we deeply empathize with our clients during this stressful time and our team is working diligently with our clients to restore their websites and emails. We are and will continue to be there for our clients.

Our investigation to date has determined that on the morning of August 28 an individual with a third-party service provider used their privileged account access to connect to one of our datacenter’s management portals. Without authorization the individual initiated actions that resulted in data loss on part of our backup and production servers.

Within hours our incident response team had identified the issue and disabled access to the source account preventing any further damage and secured the environment. Our response plan immediately kicked into action, but data was already impacted.

We have assembled a taskforce team, including internal and external experts, that has been working around the clock to recover the maximum amount of data and to assist clients’ business operations. Time is of the essence, and we are keenly aware of that. While our focus has been on addressing the data disruption, we are committed to frequent communication with our clients.

To date, our team’s actions have successfully recovered over 60% of impacted client accounts. Additionally, many clients rapidly restored service using their existing local backups in conjunction with our support team, reinforcing the importance of local backups. Our taskforce is actively working with data recovery experts to help system-level storage recovery with remaining accounts.

We have identified the individual and confirmed this was not a ransomware attack and there is no indication that data of any kind was ever downloaded, exported, shared, or exposed. The authorities have been notified and an investigation is ongoing.

We will continue working hard and will provide timely updates.


Emil Falcon
CEO at Web Hosting Canada

You can follow LIVE updates on the situation here.

About the author: Emil Falcon

Emil is WHC's Founder and CEO. When he’s not busy obsessing about things such as optimizing workflows or enhancing system performance, security and reliability, he’s spearheading initiatives that can help entrepreneurs and businesses succeed across Canada.

See all articles from this author Interested in writing for Web Hosting Canada?
Web Hosting Canada manages fast and reliable online infrastructure with 24/7 support. Learn more about WHC