‘Zzoomm,' a funky low-cost internet service provider in the United Kingdom that provides connectivity to about one million homes in the country, published a service update to apologize for the unexpected downtime. Apparently, the reason for the outage was a DDoS attack that managed to overwhelm the company's technical infrastructure, causing noticeable interruptions in the Henley-on-Thames town in Oxfordshire.
As the relevant notice points out:
To prevent this from occurring again in the future, the upstream provider of Zzoomm has now implemented a DDoS filtering system, as well as additional capacity in the core network, increasing its ability to handle attacks of this kind. However, this work will take some time to be completed as additional equipment will have to be ordered and installed, then tested, and finally made live.
In the meantime, subscribers who have suffered a service disruption will now get a free period of service as well as a free upgrade to the top-tier “fully symmetrical” plan from the beginning of July until the end of August. For those already on that plan, they will continue to enjoy its benefits without paying anything for these two months.
Finally, Zzoomm has promised to set up a service status page for subscribers to be able to check what the status of the service is, if there are any disruptions affecting them, and get to know about details of what is causing problems.
All in all, Zzoomm demonstrates how to own a security incident and act upon it instead of accusing third parties or pretending that nothing has happened. Even if the attack targeted someone else, and even if it affected only a small number of the ISP’s subscribers, the firm has published a candid announcement along with a package of palliation moves.