Cyber Incident Victim: Interxion Holding NV

In December 2015, Interxion, a European data center services provider, detected unauthorized access to its customer relationship management (CRM) system. The breach involved an attacker executing a report that extracted business contact information for approximately 23,200 individuals associated with Interxion’s corporate clients and prospective customers. Compromised data included contact names, job titles, business email addresses, business phone numbers, and other professional details stored within the CRM. The company initiated an investigation upon discovery but did not publicly disclose the specific method of intrusion or the exact date of initial compromise. Interxion confirmed that the breach did not expose financial records, login credentials, or other categories of sensitive personal data beyond the professional contact information described. The scale of affected organizations remained undisclosed, with the company referencing only the total number of individual contacts impacted by the report extraction.

Interxion notified affected customers via email during the weekend preceding January 11, 2016, confirming the incident’s occurrence in December and the nature of the exposed data. The company’s communication acknowledged the risk that attackers could weaponize the stolen contact details for targeted phishing campaigns or other social engineering attacks against the individuals listed. No evidence suggested misuse of the data at the time of disclosure, though Interxion advised vigilance regarding suspicious communications purporting to originate from the company. The breach notification did not detail specific containment measures, forensic findings, or security enhancements implemented post-incident. Public reporting indicated the incident exposed business-to-business contact information exclusively, with no compromise of Interxion’s core data center operations or customer infrastructure hosted within its facilities.