November 6, 2007 -- (WEB HOST INDUSTRY REVIEW) -- This week, the WHIR reported a recent robbery at Web hosting provider C I Host's (cihost.com) Chicago colocation facility, in which an employee was assaulted with a tazer by intruders who took at least 20 data servers.
Level 1 PCI DSS Certified Service Provider! DataPipe delivers the best network & support; top tier data centers; New York metro, Silicon Valley, London, Hong Kong, Shanghai. DataPipe - Personal Touch, Global Reach.
Although C I Host can't speculate as to precisely why its facility was broken into, says James Eckels, chief corporate counsel, it believes it is being targeted. Eckels says C I Host believes the perpetrators were sophisticated robbers who were likely familiar with the building layout, the company's operations and the technology involved, and that they "know what they're doing."
According to C I Host, on the night of the robbery the alarm went off shortly after midnight, which brought the Chicago Police Department to the facility to search for disturbances. After finding nothing, the police left and "even hit us with a false alarm fee," says Eckels. At around 3:15 a.m. the alarm went off again, and the robbery was discovered. C I Host speculates that the robbers were hiding in the mechanical closet, and were missed by the police when they scanned the facility, before making a move into the data center.
Eckels says C I Host's data center manager called each customer affected by the incident and emailed them each a notice of what had occurred, with C I Host's and the Chicago Police Department's contact information.
C I Host has been offering temporary boxes to affected customers, but Eckels says most have opted to purchase their own replacement servers. The company has asked customers to keep their receipts for possible future reimbursement, based on whatever settlement the company reaches with its insurance company.
"Bottom line is, no-one likes to hear what we have to say," says Eckels. "We can offer services or discounts, but people want money. They want compensation. But we don't have money to give them. We're just as victimized as our customers. They came to us because we offered them cheap colocation services. They think because we're a corporation we have lots of money, but we make our money through volume. If we had the money, we would give it to them."
Customers involved in attempting to set up a class-action lawsuit, however, say C I Host is responsible for keeping their equipment safe. The previous break-in at the same location, they say, makes the latest incident the result of negligence on the company's part.
Eckels says C I Host recognizes there is a flaw in its security system, but says other factors may have led to the incident. C I Host is a tenant in a larger building, and the company doesn't own the entire compound. Eckels says the building owners need to shoulder some of the responsibility for boosting its security measures. He says the building happens to be in a "bad area of town." C I Host, he says, has changed its security guard situation to employ someone the company finds more reliable and proactive.
While information about the break-in has been mostly disseminated through online forums up to this point, Eckels says that sort of discussion often ends up including misinformation. He says he hopes customers will deal with the company directly.
"There's no resolution really," he says. "We're dealing with the situation on a customer-by-customer basis. We've got nothing to hide, even though people have been saying otherwise online. The forums have been a bed of misinformation - extortion compounded with defamation. One of the biggest mistakes is that people are talking about four robberies. A robbery means than property has been seized through violence or intimidation. C I Host has technically only been robbed twice in two years. The other two were break-ins where things were stolen, but not robberies."
Customers may be happy to deal directly with a company honestly addressing a difficult situation. But according to some forum posts, a few have already packed up and moved their business to other hosts.
Pretty well balanced article. I'd make a few revisions if I were the editor of the article, but generally I appreciated Anastasia's reporting. I do want to emphasize that C I Host is committed to responding to inquiries about this issue. It may take longer to get back to you than you would like, but you will get a call back. To that end, please call or e-mail me directly if you were victimized by the robbery and have questions about how to handle your situation. I'd also be willing to answer questions from any Chicago customers who were not affected. Finally, my last name is Eck"e"ls, not Eck"le"s...no biggie... posted by: james m. eckels | November 06, 2007 01:14PM
James. Sorry about the mistake in the spelling. That's been corrected, as you can see. posted by: Liam Eagle | November 06, 2007 01:26PM
"They came to us because we offered them cheap colocation services."
No, they came to you because you offered SECURE colocation services, which you did not deliver.
You did not deliver on your physical security statements and you did not deliver on your information security statements.
CI Host talked a good game and made loud security boasts (It seems that everyone who can use a keyboard at CI Host is a "security expert") but as circumstances have shown, it was all just a big load of bull.
Secure service offerings are a giant, expensive administrative nightmare, and precious few hosting companies can actually make the magic work.
Just admit you over-promised and under-delivered. That would be a refreshing change. posted by: Devin Ull | November 07, 2007 01:29PM
hmmm, seems that CI host was indeed at fault, even more so given the fact that the center was robbed in the past, and security was never really improved. It would be nefarious to blame the customers for the lack of security, CI Host is probably going to have to anty up on this one. posted by: Mike Kass | November 08, 2007 03:41PM
I feel really insulted by how this article displayed CIHOST in a shinning light. As one of the people that lost equipment. We have called and emailed MANY times with almost no communication. The only communication back was an email stating not to SPAM them. The boxes we were offered was a P4 box... compared to our Dual-Quad Core systems... Im sorry but we have not seen any effort on CIHosts part to help us or communitcate with us or offer any compensation for this. We have been begging for communication with CIHost but have not recieved it and have been forced to move. posted by: Nick | November 10, 2007 01:56PM
I don't think the article does anything to portray C I Host in any light, one way or the other. It gives a representative from the company the opportunity to answer the questions "what happened?" and "what are you doing about it?" - an angle that's missing from several articles I've read by people who didn't or couldn't get in touch with the company. In fact, Anastasia is careful specifically not to editorialize the issue. The context of this story is "C I Host had a break-in. Things were stolen. Some customers are very upset." Needless to say (and quite understandably) you're one of those very upset customers - and your personal account, frankly, is a good additon to the comemnt section. But I don't think you should find the article insulting. posted by: Liam Eagle | November 12, 2007 01:54PM
Responsibility for a Data Center is Huge, but I cannot see how this could have happened without someone being alerted. 24x7 guards, cameras, 24 hr staff, cutting through a wall, give me a break, there was time to react. Be Safe, Be secure, but be on your toes! posted by: Jerry | November 12, 2007 02:00PM
"Eckels says C I Host recognizes there is a flaw in its security system, but says other factors may have led to the incident" Not sure why Eckles left out that CiHost didn't pay the Illinois Security Services company as they are now getting sued for $21,000 by ISS. The security company pulled out in Sept because non-payment. The kicker, if Ci-Host paid the bill and the center was still broken into the security company would handle the liability. Was this one of the "factors" of why our servers were able walk out the hole in the wall? If they stuck with what they promised this would not of happened at all. Even today on the website they have - 24x7 security guard. If the WHIR would like to do a follow up article please feel free to contact me. posted by: Unixbox | November 12, 2007 07:24PM
'"C I Host has been offering temporary boxes to affected customers, but Eckels says most have opted to purchase their own replacement servers." Usually a replacement server would have at least the same power as the ones stolen. Here are the ones offered to us and not until Oct 26th. "James Moses Oct 26 I was able to get the following: 1 x Dual Core Xeon 3.0 2GB RAM 1 x P4 3.0 1GB RAM Both with 80GB HDD Since you have your own ISO, would you like us to put OS on the machines?" Then I asked for better equip... "Allan Brand Oct 26 These are the best units we have we have on hand right now and the only dual Xeon." To date we still do not have resolution with CiHost and are still down. They wont even refund our money for the rest of our prepaid months. posted by: unixbox | November 12, 2007 08:22PM
"They came to us because we offered them cheap colocation services. They think because we're a corporation we have lots of money, but we make our money through volume. If we had the money, we would give it to them."
We didn't come to them based on cheap colo. We came to them because they advertise 24/7 noc, 24/7 guards, multi locations, and Physical access control. In My opinion: They don't care that the customers servers, they promised to protect were stolen. If they did they would reimburse us or offer us equal equipment to get our businesses back online. At this point they just hope we leave so they can put the space back on the website for sale to get some other poor victim. But this time it will be different as 15 of us found each other as well as a lawyer. posted by: Unixbox | November 12, 2007 08:51PM
"C I Host has technically only been robbed twice in two years. The other two were break-ins where things were stolen, but not robberies."
Way to keep the stats down. Only 2 robberies. The rest we will put in the other stats category.
"a few have already packed up and moved their business to other hosts."
No need for us to pack up and move. CiHost already did the packing. I guess we saved on a moving truck. If you would like to know more about the class action suit please email me at info@unixbox.ws
posted by: unixbox | November 12, 2007 08:57PM
""Bottom line is, no-one likes to hear what we have to say," says Eckels. "We can offer services or discounts, but people want money. They want compensation. But we don't have money to give them."
Key financials for C I Host
Company Type Private
Sales (mil.) $14.4 (est.)
Employees 202
In my opinion CiHost only cares about the money. The owner likes his fast cars and will not give up a penny to make things right. He would rather drive around with the top down in the fast cars we paid for him to drive. posted by: Unixbox | November 13, 2007 10:08PM
Is this Eckles guy a lawyer for CI Host? He sounds so unprofessional in this article. 2nd rate company. But again they have always had bad PR. This one seems to take the cake posted by: Brandon | November 15, 2007 01:05PM
Brinks was woke up by such security mishaps. CIHost has a board that believes it would be OK to have a robbery twice in one year. I don't care about once. They need security. Customers need to be compensated and the company should take responsibility. Another victim of DOT COM. They have no money one breakin and they are done. posted by: jason | January 29, 2008 11:46PM
I am a former CIHOST employee, and reading this story and the way the incident was mis-handled does not surprise me. I am just glad I made it out of there and I don't have to lie to customers for them anymore. posted by: Johnny Smoke | April 30, 2008 05:48PM
