Malware attack on facility management service provider ISS

[German]The Danish service company in the field of facility management has been victim of a cyber attack on its IT systems. The company confirmed the malware attack and shut down all IT systems.


According to Wikipedia, ISS A/S is a listed Danish service company based in Copenhagen. The company operates as a general contractor in the field of facility management, i.e. the maintenance of buildings and facilities, in 77 countries. Other services include technical facility management, cleaning and catering, security services, reception and telephone services, among others. The name ISS today stands for "International Service System". The company's website is available here

The Security incident at ISS

Swizz blog reader Markus B. informed me this evening by mail about the ransomware attack on ISS (thanks for that). Markus referred to this German article, which is based on the Swiss ISS subsidary. In the meantime, a confirmation dated 21.2.2020 can be found on the company's website:

Security incident impacting parts of the IT environment

On 17 February 2020, ISS was the target of a malware attack. As a precautionary measure and as part of our standard operating procedure, we immediately disabled access to shared IT services across our sites and countries, which ensured the isolation of the incident.

The root cause has been identified and we are working with forensic experts, our hosting provider and a special external task force to gradually restore our IT systems. Certain systems have already been restored. There is no indication that any customer data has been compromised.

The nature of our business is to deliver services on customer sites mainly through our people and as such we continue our service delivery to customers while implementing our business continuity plans. Our priority is to ensure limited or no disruption while we fully restore all systems.

We are currently estimating when IT systems will be fully restored and are assessing any potential financial impact.

The group was already victim of a malware attack on February 17, 2020. As a precautionary measure, the standard procedure intended for such cases was therefore activated.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *