There is, understandably, widespread concern about the impact of the Log4j vulnerability (https://www.ncsc.gov.uk/news/apache-log4j-vulnerability). This statement is made to keep our customers informed on how this risk has been addressed and managed by Ark Data Centres and Crown Hosting Data Centres.

Services that are accessible from the public Internet and that are connected to Ark Data Centres’ or Crown Hosting’s infrastructure have undergone investigation, both internally by our security teams and externally by the software providers, to understand their exposure to the Log4j vulnerability.

We can confirm that no Ark or Crown Hosting critical infrastructure systems or client data have been compromised as a result of the Log4j vulnerability.

We can also confirm that:

• We present no public internet-facing services that are vulnerable to the Log4j vulnerability.
• We currently utilise a low number of services internally that are vulnerable to the Log4j vulnerability but these are currently either being remediated, patched, mitigated or decommissioned. These systems are also segregated from the public internet and have limited availability within our internal network infrastructure to minimise risk.

We will continue to monitor the developing situation and take any additional actions as required. We will make a further statement should there be a material change in the scope of the vulnerability and its impact on Ark or Crown Hosting.