Customer data safe, we don't store it, says Logixal a day after VPN hack

A day after Malaysia-based hacktivist group DragonForceIO broke into the corporate virtual private network (VPN) of e-banking solutions provider Logixal, the company said on June 15 the customer data is safe as it doesn’t store the information.

Speaking to Moneycontrol Logixal CEO Deepak Gala said, “None of our customers have been impacted through this hack because we don’t store any customer data.”

Logixal’s website says its customers are spread across the United States, Europe, Middle East, Africa and Asia, with offices in India, the UK and the US.

As reported by Moneycontrol on June 14, DragonForceIO announced on its underground forum and on Twitter that it hacked into the VPNs of Logixal and edtech services provider Cybernetyx. It also shared credentials that would grant access to the VPNs.

“All the VPN credentials have now been reset, and as for our own data, most of the data is stored in the cloud,” Galla said, as he insisted that the hackers may not have had much success in causing harm.

Investigations were underway, he said. “We are trying to understand how they could get access to the user credentials,” he said.

The Indian Computer Emergency Response Team (CERT-In), too, had got in touch with the company, Gala said.

Since June 10, hackers have been targeting Indian digital entities, including government and public institute websites and VPNs in retaliation to comments made against Prophet Mohammad. They also hacked an Assamese news channel and disrupted broadcasts by displaying a message condemning the comments.

Cybersecurity company CloudSEK had said there was a need to mitigate obvious cyber risks by dealing with malware logs, misconfigured applications, default passwords, unpatched or outdated servers and other assets, and previously leaked databases being sold on the dark web.