Belgium’s Econocom, a leading digital transformation company, has confirmed a cybersecurity attack that is currently under serious investigation and subject to containment measures. The latest findings indicate that the leaked information originated from a third-party service provider working for a few Econocom clients in France. No internal systems or databases at Econocom have been affected, and there is no evidence to date of the disclosure of sensitive data.
On Sunday, August 20, a group of attackers claimed via a Twitter post to have hacked Econocom and began publishing data. No ransom demand has been received by the company. A formal complaint is being filed.
Upon learning of the incident, Econocom’s Group Security team and Security Operations Center immediately mobilized and initiated the first investigations. Initial findings did not reveal any malicious activities within Econocom’s Information Systems. The most plausible hypothesis was that the incident was a remnant of a previous attack in 2020, which had been contained.
On Tuesday, August 22, around 15:00 CET, Econocom noticed that more recent data had been exfiltrated and activated its cyber crisis management protocol. The exfiltrated data were found in two individual SharePoint folders (created via Teams). These folders contained minimal data and were isolated as soon as they were identified on Tuesday, August 22, 2023, at 16:00 and 18:00 respectively. All access to these SharePoint folders has been blocked. Econocom’s SharePoint infrastructure also prevents any form of propagation to other systems.
On the morning of Wednesday, August 23, investigations revealed that a user workstation from a third-party service provider in France was the likely source of the data leak. The service provider was immediately contacted to identify and block the source of the attack and assess its full impact. The staff of this service provider, who connect to an Econocom resource via VPN to retrieve necessary documents, have been identified, and their access to Econocom resources has been revoked. Investigations confirm that the leaked data originated from a shared space at the provider’s end.
As of now, the most plausible explanation is that the third-party service provider was compromised, and the data were exfiltrated from their infrastructure. However, investigations and containment measures continue at Econocom to ensure that no internal systems have been compromised.
Any significant new developments will be transparently communicated to all stakeholders, including relevant authorities.
Econocom Group SE is a European provider of business-to-business digital services.