June 30, 2022 — Security Update for ERIS Customers
On Friday, June 24, we identified some suspicious activity involving emails claiming to have originated from ERIS, which had been sent to some of our clients. Those emails were not sent by ERIS.
After a robust investigation, to the best of our knowledge, no fraudulent emails were ever sent by ERIS or any third party, however, malware was detected as having been deposited on marketing webpages and that malware has been removed. The ordering portal of our website was never affected by this, and we continue to receive and process all of your orders. As a result of this incident, any ERIS email that was received recently and that linked back to our marketing site should have routinely been detected by your IT security and quarantined.
ERIS took immediate action to isolate the problem and initiated a forensic investigation with the ERIS IT group, a cyber-security consultant, and a leading digital forensics company, eSentire Inc. Based upon our own IT group’s analysis of the situation, and based on these experts’ analysis of our website, we have been advised that there is no evidence that any client data was accessed, nor were our core systems affected. We further understand that any ERIS Reports generated to our clientele are free of any of this malware.
We apologize for any inconvenience the temporary unavailability of our website features may have caused; however, we had to ensure that our data, infrastructure and client interface remain safe and secure. ERIS continues to maintain the integrity of its operating system.
Carol Le Noury, President, ERIS