Cyber Incident Victim: DATALAN

Date: Apr 2023

Location: Slovakia

Summary

DATALAN was the target of a cyber attack that impacted its internal and external systems over a weekend. The company is collaborating with law enforcement and a cybersecurity team to restore operations. Its primary focus is on enabling customers to fully utilize its products and services again. Recovery efforts are underway and systems are expected to be restored gradually. The incident is confined to DATALAN and does not affect other companies within the same ownership structure.

Description

On or around the weekend preceding April 23, 2023, the Slovak technology company DATALAN, a.s. became the target of a significant cyber attack. The incident impacted the company's internal and external systems, disrupting its operational capabilities. The attack was identified and confirmed by the company's security teams during this weekend period, prompting an immediate and coordinated response effort. DATALAN officially disclosed the security incident to its customers and the public via a statement published on its corporate website on April 23, 2023.

The primary immediate impact of the attack was the disruption of services, which prevented DATALAN's customers from using its products, solutions, and services at full capacity. The company's internal operations were also affected because its internal systems were compromised. The exact nature of the service disruption and the specific products affected were not detailed in the public disclosure, but the statement that both internal and external systems were hit indicates a broad scope of impact across the organization's infrastructure. DATALAN was careful to clarify that the incident was contained solely within its own corporate entity, DATALAN, a.s., and did not extend to or affect other companies that share the same ownership structure, thereby limiting the collateral damage from the attack to its own operations.

Upon discovery of the incident, DATALAN initiated a multi-faceted response plan. A critical early step was engaging with external law enforcement agencies, specifically described as "orgánmi činnými v trestnom konaní," which translates to authorities active in criminal proceedings. This action indicates the incident was treated as a criminal matter from the outset, with the company seeking official investigation and support. Concurrently, DATALAN enlisted the help of an external expert cybersecurity team to assist with the forensic analysis, investigation, and recovery processes. The collaboration between internal resources, law enforcement, and third-party experts formed the core of the incident response strategy.

The company's stated highest priority was the full restoration of services for its customers. To support this goal, multiple analyses were undertaken to evaluate the full scope and overall impacts of the attack. These analyses were essential for understanding the extent of the compromise, the data or systems affected, and for planning the subsequent recovery steps. Alongside these diagnostic activities, DATALAN implemented a multitude of actions aimed at restoring the affected systems. The recovery process was communicated to be gradual and incremental, suggesting a careful and methodical approach to bringing systems back online to ensure their stability and security before full service resumption.

DATALAN maintained a commitment to transparency with its customer base throughout the event. The public announcement served as the initial notification, and the company committed to providing ongoing, gradual updates on the progress of the system restoration efforts. A dedicated communication channel was established for affected customers, directing them to contact the company via email at [email protected] for support or to address any needs arising from the service disruption. The company expressed regret for the situation and acknowledged the inconvenience caused to its customers, thanking them for their understanding while its teams worked intensively to resolve the issue. The public statement did not elaborate on the specific technical details of the attack vector, the potential threat actor responsible, or whether any customer data was exfiltrated or compromised during the incident, focusing instead on the response and recovery efforts.
