Overview
- CIG says attackers accessed backup systems on January 21, obtaining read-only access to limited personal details.
- Exposed data included names, contact information, usernames, dates of birth, and metadata; passwords and payment information were not in the affected systems.
- The company reports the intrusion was contained, security settings were refreshed, and no public release of accessed data has been detected.
- Disclosure appeared as a small website service alert, prompting backlash over the notice’s visibility and the timing of the announcement.
- The number of affected users remains undisclosed, and security reporting warns the exposed details could enable phishing attempts.