Customer Service Messages / April 12, 2019: EnergyCAP Failover Test—Server Outages
The following incident report is being provided by EnergyCAP, Inc. (ECI) per the terms of our data security policies and practices. The scope of the incident is considered “Low,” as no EnergyCAP client data or databases were impacted by the incident. Remediation steps have been taken by ECI’s Security Incident Response Team (SIRT), and the issue has been resolved. Additional details are provided below.
Description. On April 11, 2019, at 12:20pm EDT, an automated alert was sent to EnergyCAP Operations regarding a failed secure shell (SSH) login attempt that originated from two EnergyCAP-owned web servers that contain software help and documentation resources. At approximately 12:35pm, the two Linux web servers were removed from the EnergyCAP network in order to contain any potential exposure, and evidence was collected from the servers.
While investigating the two servers, ECI Operations staff found unauthorized processes running that were connecting to external, public services. The processes were traced to a recently discovered vulnerability in Atlassian Confluence (Confluence Security Advisory - 2019-03-20). Confluence is a web platform licensed by EnergyCAP from Atlassian and used to create, manage and publish User Manual, Help and other resources.
The processes were unable to access any other devices on the EnergyCAP network, and the exposure was limited to data only on the two public documentation servers. The scope of the incident is considered “Low,” as no client data or databases were affected.
Remediation. New server instances are being built and patched prior to replacing services. SIRT is also evaluating the need for additional network and firewall changes to minimize future threats.
Impacted Services.
Impacted Data. Data on the affected servers is publicly visible via web browser. The confidentiality of the data is not a concern. Data will be recovered and verified for integrity before the services are resumed. EnergyCAP users will be unable to use online help documentation for EnergyCAP software Versions 3 and 6 until the servers have been recreated and put back into service. EnergyCAP Version 7 help services have not been impacted by this incident.
Contact. Our Client Services team is prepared to handle any questions that clients may have. Please direct information security questions to:
Adam Hegedus
Chief Security Officer
EnergyCAP, Inc.
Email: adam.hegedus@energycap.com