On Tuesday September 12, following the shutdown of more than 50 applications and web pages belonging to several public entities, including the Superintendency of Industry and Commerce and the Superintendency of Health, the company IFX Networks reported the occurrence of a security issue which resulted in the shutdown of the tech supplier’s servers. Pursuant to what has been reported so far, IFX Networks has been the victim of a cyber-attack, namely, ransomware. In addition, ever since the attack, IFX has not been able to access the information stored on its servers and has informed that it will not be able to do so until these are recovered.
The incident not only affected public entities such as those mentioned above, but also companies and other private organizations that may have information stored on IFX Networks servers. Therefore, it is advisable to verify whether personal data, and in general, any information of the organization, had been stored on IFX Networks servers (directly or through third parties) and, if so, performing an analysis to verify whether the company’s databases were affected.
Keep in mind that this security event may constitute an information security breach that must be notified to the Superintendence of Industry and Commerce. It is also advisable to implement security incident management measures such as: assessing the impact that the incident could have on the company and on the data subjects; informing those affected by the breach; and adopting controls to prevent future incidents.