Internet domain host GoDaddy on Monday disclosed a recent data breach that the company said impacted the customer data of around 1.2 million individuals.
In a document filed to the Securities and Exchange Commission on Monday, GoDaddy noted that the company had discovered its Managed WordPress hosting environment had been compromised by an “unauthorized third party,” resulting in emails and customers numbers of 1.2 million Managed WordPress users being exposed.
GoDaddy warned that data breach, which had been ongoing since September, increased the chances of email phishing attacks against impacted customers.
GoDaddy Chief Information Security Officer Demetrius Comes wrote in the disclosure that GoDaddy had contacted authorities, brought in an unnamed IT security firm to investigate the incident and had blocked the perpetrator from the system.
“We are sincerely sorry for this incident and the concern it causes for our customers,” Comes wrote. “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
This is not the first time GoDaddy, which has an estimated 20 million customers worldwide, has been impacted by a data breach.
Bleeping Computer reported last year that the company disclosed a security incident to impacted individuals that noted an unauthorized person had accessed customer login information, compromising hosting accounts of 28,000 customers.
The breach also comes during a year that has seen multiple cybersecurity incidents, including high-profile attacks against companies such as Colonial Pipeline and meat producer JBS USA. IT group Kaseya was also among those hit, with up to 1,500 companies potentially impacted as a result of the Kaseya incident.