Status 22. August 2022

We have started to process annual billings again and are now working at full speed to submit the open statements. Consumption metering has been and continues to be uninterrupted; the readings are accurate and are transmitted to us correctly. No values have been lost, so every customer will receive an annual statement.

Our service team is available to our customers as usual, and our installation service is on the road to install or replace equipment. Other previously limited technical services, such as our customer portal or web services, are in the testing and verification phase following the restoration. Based on the current progress, we are confident that we will soon be able to offer you our usual service again.

In addition to restoring services, our focus – as reported – is on carefully examining the data package related to the attack that was released by the hacker group.

We discovered that the attackers had also published, to a limited extent, personal data that we process on behalf of our customers in a small share of the markets in which we operate. Overall, however, no special categories of personal data as defined in the GDPR are included. We are currently informing customers whose data is affected individually and in writing about the incident.

Status 11. August 2022

The recovery of our data and systems is progressing as planned. We are proceeding very carefully and at the same time implementing comprehensive protective measures with leading experts. We will do our best to reactivate individual services as quickly as possible.
Until then, our customer hotlines will continue to be there for you as usual and our installation service will be on the road for you as well.

Our ongoing analyses, supported by proven IT forensics experts, have shown that the attackers were unable to access the functions of meters and measuring devices. Consumption recording therefore continues to run without restriction. No readings were or are being lost.

Currently, numerous other companies besides ista are reporting cyber attacks of various kinds. We are taking the increased threat as an opportunity to fundamentally review our already high security measures and to further increase the level of protection.
In addition, we closely monitor, with the support of external IT security experts, whether the criminal attackers are publishing data packets.

Today, we identified activity related to corporate data stolen from our servers. A data package related to the attack was published by a hacker group. Together with experienced forensic experts, we immediately initiated a comprehensive analysis of the data package to determine what data has been published. This is going to take some more time.

If we discover that this involves data relating to our customers or employees, we will inform them in accordance with all contractual or legal requirements.

Status 29. July 2022

Dear ista customers,

Currently, ista’s IT systems are the victim of an external cyber-attack. As an immediate measure and to help prevent damage to our IT infrastructure, all potentially affected IT systems of the company have been taken offline. As a result, you will temporarily be limited or unable to use certain functions and services. We are very sorry for the inconvenience that this may cause you and ask for your continued patience as we try to resolve the issue.

We have informed the State Data Protection Authority and filed a report with the police. A specialist team of internal and external experts is currently conducting a thorough investigation of the incident and is working at full speed to remedy the disruption as quickly as possible. However, this may take some time.

We therefore continue to ask for your patience and hope for your understanding. Please be assured that we are taking the incident once again as an opportunity to review our extensive existing security measures in order to prevent similar attacks in the future.

Currently, we do not yet know what data the attackers obtained or what data has been accessed. All current information on the status of the investigation and answers to the most important questions can be found here on our website, which we update continuously as new information arises.

You can also contact us via our social media channels. Please understand that given the circumstances, we may not be able to respond to your enquiries as quickly as you would expect.

We hope to resume our usual services as soon as possible.

What is the cause of the malfunction?

ista has been the victim of an external cyber-attack, where an unauthorized, malicious third party has gained access to our IT systems.

As an immediate measure and to help prevent damage to our IT infrastructure, all potentially affected IT systems of the company have been taken offline. As a result, you will temporarily be limited or unable to use certain functions and services. We are very sorry for the inconvenience that this may cause you and ask for your continued patience as we try to resolve the issue.

How could this happen?

Despite the existing security measures in companies, the number of cyber-attacks is increasing sharply in Germany and internationally. So, despite comprehensive security measures, any company can become the victim of a cyber-attack. We regret the inconvenience this has caused and are also taking this attack as an opportunity to review our existing security measures once again to prevent similar attacks in the future.

When will everything be available again?

We have started to process annual billings again and are now working at full speed to submit the open statements. Consumption metering has been and continues to be uninterrupted; the readings are accurate and are transmitted to us correctly. No values have been lost, so every customer will receive an annual statement.

Our service team is available to our customers as usual, and our installation service is on the road to install or replace equipment. Other previously limited technical services, such as our customer portal or web services, are in the testing and verification phase following the restoration. Based on the current progress, we are confident that we will soon be able to offer you our usual service again.

Do I still pay for service even though it may not have been provided?

You will find all information on this in our GTCs under item seven "Meter reading, user change". As a rule, a cancelled appointment will be made up within two weeks. You will only be billed for services that we have provided.

Were the relevant authorities informed in time?

After becoming aware of the cyber-attack, we immediately informed the relevant authorities and filed a criminal complaint.

What customer data is published?

We discovered that the attackers had also published, to a limited extent, personal data that we process on behalf of our customers in a small share of the markets in which we operate. Overall, however, no special categories of personal data as defined in the GDPR are included. We are currently informing customers whose data is affected individually and in writing about the incident.

What should I personally do to protect my data?

Delete suspicious emails from unknown senders. Never open links or file attachments contained in such emails.

As a precaution, change all passwords that you use in connection with ista online services. Change your passwords for other online services as well if you have used the same login data there. We recommend that you use an individual secure password for each online service.

Do I have to do anything as a customer?

For your own safety: delete suspicious emails from unknown senders. Never open links or file attachments contained in such emails.

As a precaution, change all passwords that you use in connection with ista online services. Change your passwords for other online services as well if you have used the same login data there. We recommend that you use an individual secure password for each online service. 

Are the agreed deadlines of the service employees met?

Orders for services such as drinking water analysis received via the website can still be placed. Agreed appointments will be kept by our ista service partners. We are sorry if a service appointment was not carried out in the past few days immediately after the disruption to our IT systems.

What happens to my request with which I have already contacted ista since Monday, 25.07.2022?

Thank you for submitting your request. If you submitted your request by email and received a message that it could not be delivered (please check your inbox and also your spam/junk folder), we would like to ask you to resend your email to us. If you did not receive an error message, it is not necessary to contact us again. As soon as the error is fixed, you will receive a confirmation of receipt of your request as usual. This applies to the input channels e-mail and fax. Please understand that this will be delayed.

What do I have to do now as a user of the customer portals?

We are working at full speed to resolve the technical issues in order to be back for you as soon as possible. It is currently not possible for us to predict a fixed date for the return of our services. As soon as we are available again via our portal functions, we will inform you about it here. We ask for your understanding for the inconvenience.