Major security breach at Austrian AI startup localmind.ai
18 hours ago
- #Data Protection
- #Cybersecurity
- #Incident Response
- Attempted unauthorized access to systems was successfully blocked by new security measures.
- A temporary text alteration on an externally managed website was corrected.
- The core system of the Localmind platform was not compromised; attacks occurred via administrative interfaces and test environments.
- Affected systems were isolated immediately, and vulnerabilities were closed.
- Virtual machines are being transferred to new, highly secure data centers with isolated infrastructure.
- Forensic investigations are providing a clearer picture of the attack sequence.
- Comprehensive technical and organizational measures are being implemented to enhance security.
- Customers are being individually informed about potential impacts on their systems.
- A report was submitted to the Austrian data protection authority as per GDPR requirements.
- Support is offered to customers for evaluating the need for data protection notifications.
- Systems are being prepared for a controlled restart in a new data center under strict conditions.
- The incident involved unauthorized access via a misconfigured beta-test instance, leading to broader system access.
- All affected test and beta systems were taken offline immediately, and access credentials were reset.
- A forensic investigation is underway to fully understand the attacker's activities.
- Customer systems remain offline pending thorough security audits before restart.
- Processes are being prepared to provide customers with secure data exports for their own verification.
- The company acknowledges responsibility for the incident and apologizes for the breach of trust.
- Immediate measures included deactivating external systems, resetting passwords, and enforcing 2FA.
- Ongoing efforts focus on restoring systems securely and transparently.