Fortinet has experienced a breach the company claims had minimal security implications.
What happened
Fortinet recently experienced a security incident involving unauthorized access to a limited number of files stored on a third-party cloud-based shared file. The incident affected less than 0.3% of Fortinets customers. Despite the unauthorized access, there is no indication that the incident led to any malicious activity impacting customers.
Fortinet operations, products, and services remain unaffected, and no evidence suggests additional access to other Fortinet resources. There was reportedly no data encryption or ransomware deployment according to the notice of security incident published on Fortinets blog on September 12, 2024.
Related: The 6 steps of incident response
Going deeper
According to a report from The Register, a dark web user named Fortibitch alleges to have stolen 440GB of Fortinet customer data from an open Amazon S3 bucket and offered it for download. The user claimed to have demanded ransom from Fortinet, which the company refused to pay.
What was said
In the blog post Fortinet stated that, “After identifying the incident, we immediately began an investigation, contained the incident by terminating the unauthorized individual’s access, and notified law enforcement and select cybersecurity agencies globally.”
According to The Register report, “On Thursday morning, meanwhile, someone calling themselves "Fortibitch" posted to a dark web forum and offered a whopping 440GB of Azure SharePoint files for download…”
The report later provided, “Fortibitch also accused the biz of not filing an SEC form 8-K detailing the loss – which would alert shareholders and customers. Fortinet commented that "given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results," so no 8-K is needed.”
Related: HIPAA Compliant Email: The Definitive Guide
FAQs
What is a 8-K?
A report that publicly traded companies must file with the SEC to disclose major events affecting their financial status.
When is a notice of security incident necessary?
It is necessary when there's a breach that could impact customer data, requiring transparency and timely communication with affected parties.
What is a cloud file?
A digital document or data stored on remote servers accessed over the internet rather than on a local computer.