On Wed, Jun 19, 2019 at 1:26 PM Calum Mackay via Exim-users < exim-users@exim.org> wrote:
> Luckily, it looks like the trojans did nothing more than repeated > attempts to open up my ssh server to root logins, which I think (and > hope) didn't actually work, so I may have been lucky, and the damage > isn't widespread. > > > ought I to be reporting this anywhere? > > As this puts the metadata and content of emails transmitted through your server at risk, as well as any authenticated user/customer login details (passwords, too), if you are operating within the EEA, you are bound by the GDPR and probably have a duty to alert any affected and potentially affected users/customers about the breach and what kind of data is astray, etc. -- Jan -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/