Update on our statement of January 25, 2020 on the results of the investigation of the former misconfiguration of one of our servers.
As you may already be aware, in January 2020, we have been alerted that personal data of our clients have been exposed. We have investigated that event in detail with utmost attention and in close cooperation with the competent data protection supervisory authority, the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA).
The cause of this exposure was a misconfiguration (open port) of the firewall of the backup server of our fleet management system that we use to manage claims in connection with the vehicles we rent. We learned about this exposure on January 20, 2020, and closed the open port on the same day.
We are pleased to inform you today that based on our analysis and the investigations of the BayLDA no indications could be found that data exposed could have fallen into unknown hands as a result of the incident. There is also no indication that the incident may have led to any other misuse of data. In coordination with the BayLDA, we therefore do not see a high risk for the persons whose data was affected by the incident.
Nevertheless, we would like to take this opportunity to sincerely apologize to you once again for the event and assure you that we have already taken and will continue to take all necessary technical and organizational measures to ensure the protection of your data .