Fortinet hit by third-party data breach, impacting Asia-Pacific customers
Fortinet, the third-largest cybersecurity vendor behind Palo Alto and CrowdStrike, confirmed on Thursday that it had suffered a data breach. The breach occurred through unauthorized access to a limited number of files stored on a third-party cloud-based shared file drive. The incident, which did not compromise Fortinet’s corporate network, is reported to have affected a small percentage of its customers in the Asia-Pacific region.
In a blog post, Fortinet disclosed that less than 0.3% of its customer base was affected. The company clarified that operations and services were not impacted, and there is no evidence of malicious activity targeting customers. Fortinet has already notified affected clients and law enforcement.
The breach was first reported by Cyber Daily, which noted that a threat actor claimed on a cybercrime forum to have obtained 440 GB of data from a Fortinet Azure SharePoint instance. The attacker, who reportedly made the data available for download on an AWS S3 bucket, claimed Fortinet had cut off ransom negotiations, prompting the leak.
While Fortinet did not confirm these ransom claims, it emphasized that no ransomware or encryption was involved in the attack. The security vendor also stated that the breach is unlikely to have any significant financial impact. Following the breach, Fortinet engaged an external forensics firm to assist with the investigation and has implemented enhanced monitoring and detection measures to prevent similar incidents in the future.
Fortinet’s products, particularly its VPN services, have been frequent targets of cyberattacks in recent years, raising concerns about security vulnerabilities. This latest breach underscores the challenges facing even top-tier cybersecurity companies in maintaining data protection in the cloud environment.
Comments