Utility Company HOFOR Reports Potential Leak of Customer Data
Translated from Danish, summarized and contextualized by DistantNews.
TLDR
- Hovedstadsområdets Forsyningsselskab (HOFOR), serving over a million customers in the Copenhagen area, has alerted customers to a potential data breach.
- Malicious actors may have accessed customer information due to a vulnerability in the login system, where altering customer numbers could grant access to other accounts.
- The vulnerability was discovered on March 30 during an internal review, and HOFOR cannot confirm when it originated, noting the affected login solution has been operational since 2014.
A significant data security concern has emerged from Hovedstadsområdets Forsyningsselskab (HOFOR), the utility company serving over a million customers in the greater Copenhagen area. In a letter sent to customers on Thursday, April 30, HOFOR disclosed a potential breach, warning that "malicious actors" may have gained unauthorized access to customer information.
Malicious actors have potentially been able to access customer information.
The vulnerability lies within the company's login system. HOFOR explained that by manipulating specific number combinations—the customer number and BS customer number—it was potentially possible to access the data of other customers. This means that personal details could have been exposed to unauthorized individuals, including those with malicious intent.
HOFOR stated that the issue was identified during an internal review on March 30. However, the company admitted it cannot determine the exact timeframe during which this vulnerability existed, as the login solution in question has been in use since 2014. This lack of clarity on the duration of the exposure is particularly concerning for affected customers.
It cannot be ruled out that other customers or malicious actors have potentially gained access to your customer information.
From a Danish perspective, this incident underscores the critical importance of robust cybersecurity measures, especially for essential service providers like HOFOR. While HOFOR is taking steps to inform customers and address the vulnerability, the potential for widespread data exposure, particularly given the system's long operational history, raises serious questions about oversight and security protocols. The company's communication, while direct, highlights a lapse that could have significant implications for the privacy of its vast customer base. The focus now shifts to HOFOR's response and its commitment to preventing future incidents.
The login solution in question has been in operation since 2014.
Originally published by Berlingske in Danish. Translated, summarized, and contextualized by our editorial team with added local perspective.