Fortinet has confirmed suffering a data breach that provided a threat actor with unauthorised access to a company’s third-party cloud-based shared file drive. In a blog post, the US-based cybersecurity company said that the individual gained access to “a limited number of files” that stored some data of a small number (less than 0.3%) of Fortinet customers.
The company added that it immediately took preventive measures to terminate the unauthorised access and began an investigation. It has also informed law enforcement and select cybersecurity agencies globally.
“A leading external forensics firm was engaged to validate our own forensics team’s findings,” wrote the firm. “Moreover, we have put additional internal processes in place to help prevent a similar incident from reoccurring, including enhanced account monitoring and threat detection measures.”
Hacker spills Fortinet’s secrets on forum
The confirmation came after a threat actor posted on a hacking forum claiming to have stolen 440GB of data from Fortinet’s Azure Sharepoint instance. The hacker also demanded a ransom from Fortinet to prevent publishing the stolen data, BleepingComputer reported.
However, Fortinet claimed that the breach did not involve deployment of ransomware, or access to Fortinet’s corporate network.
The incident also did not result in any malicious activity affecting customers.
Moreover, the cybersecurity firm’s operations, products, and services were not impacted. Fortinet also directly contacted customers as appropriate and helped them with risk mitigation plans.
Additionally, Fortinet expects that the incident won’t have a material impact on the company’s financial condition or operating results as the impact was contained.
Recently, a report from data centre solutions provider Flexential revealed that 95% of IT leaders believe that growing investments in artificial intelligence (AI) will lead to an increase in cyber threats.
Read more: Chartered IIA launches new Internal Audit Code of Practice to strengthen cybersecurity, AI standards
