Dutch telecoms giant KPN has apologised for a security breach that last week forced it to suspend email access for 2 million of its customers in a dramatic and possibly unnecessary attempt to secure its systems.
The hack happened in January but the company’s hand was forced last week after those responsible appeared to have posted details of 539 user accounts to an Internet site. Exactly where these accounts came from is still not clear, although KPN clearly believed them to be KPN customers.
Dutch sources claim the account details could actually be from a Dutch online baby products website instead.
Either way, two million of KPN’s customers were temporarily without email as the company’s admins attempted to get to the bottom of whatever breach the company did suffer.
"For you and two million other KPN clients it was very difficult and unwelcome. For this we would like to apologise," KPN said in newspaper ads reported by Reuters. "We would like to apologise two million times."
"We will shortly implement a number of changes in the management of our IT organisation to increase quality and effectiveness. The last few weeks have unmistakably shown the necessity for this," added KPN’s managing director, Joost Farwerck, only a week after taking up his post.
Customers have been advised to change their passwords as a precaution.
For such a substantial Internet firm, KPN has had a troubled recent history when it comes to security.
In November the company was forced to suspend issuing SSL certificates after worries that its purchasing system was hacked. About the only good news from that scare was the fact that a clutch of other companies, including Comodo and DigiNotar, had already suffered more serious breaches in the same type of system.