E-on discloses breach that began in 2013
A customer who received this notification via e-mail sent it along to DataBreaches.net. The firm has publicly acknowledged a problem on their Twitter page:
Statement on the Cyber-Attack at e-on
January 25, 2018
Dear Community of e-on Users —
Safeguarding your personal and financial information is one of our top priorities. In late November 2017, we learned that e-on was the target of an external cyber-attack. Immediately upon learning of the attack, we made every effort to close the security vulnerability. In addition, we engaged one of the world’s leading cybersecurity companies to evaluate our systems and to identify remediation solutions. We shut down the main server on December 19, 2017 after conducting internal security tests on the live production server to thoroughly mitigate the security vulnerability.
What we know—
We have discovered these criminals may have gained unauthorized access to e-on’s servers, for a period of time, dating back to June 2013. Some of the information contained on the affected servers includes names, addresses, email addresses, phone numbers, order and transaction information, membership information, subscription and maintenance plan information, public forum posts, technical support requests, software license information, and activation information. Based on what we know now, there is no evidence that login passwords and sensitive financial information including banking information and credit or debit card information were compromised as this data was protected by encryption and hashing.
What we are doing in the short term—
As many of you know, Bentley Systems, a leading global provider of comprehensive software solutions for advancing infrastructure, acquired e-on in 2015. E-on has been and continues to be, a leader in the creation, simulation, and integration of natural 3D environments.
Bentley takes the privacy of its users to be of the utmost concern, and we are working hard to minimize the disruption to e-on’s users. We are doing everything in our power to make e-on’s systems and security processes more secure. We have set up a temporary website to handle all requests for software activation, software downloads, purchases, technical support, and other requests. During our main server outage, it is necessary that these requests be processed manually by e-on’s software team. We will process all requests as quickly as possible, and in most cases, within 24 to 48 hours upon receipt. Unfortunately, we will not be able to provide the 24/7 support that had been available on our self-service website, and requests will temporarily be processed during our home office business hours, 9:00am to 5:00pm (UTC +1:00). We greatly apologize for this inconvenience while we implement new security software tools and procedures, along with a new server infrastructure to safeguard e-on’s website.
What we are doing in the coming months—
We will need to rebuild the e-on e-commerce website and the Cornucopia3D website “from the ground up.” While this will take time, we will re-introduce online services as they are available, and their security has been thoroughly tested. We anticipate that the Cornucopia3D content store will be the last online service to be restored due to its technical complexity. However, we are exploring ways to allow our users to re-download content they have already purchased, and will provide updates on that process as we know more.
The e-on software team and Bentley greatly regrets the inconvenience this data breach may have caused our users. We are committed to do all we can to ensure that all your future experiences with e-on will include the confidence that your data and your personal information is secure. We have a motto at e-on: “Our team is there for you,” and we will work tirelessly to live up to those words and regain your trust.
We will continue to provide updates as we learn more and will keep you posted as services become available.
The e-on Software Team