A threat actor reportedly gained unauthorized access to a cloud-based file-sharing service used by Fortinet.
The California-based firm, known for offering endpoint security, firewalls, and other services to organizations and agencies worldwide, confirmed this week that one of its third-party vendors has suffered a data breach.
“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate,” a spokesperson for the company said in a statement.
The statement from the company came after the threat actor claimed to have leaked 440 GB of data allegedly stolen from Fortinet’s Azure SharePoint on a hacking forum. It has not yet been verified if this claim is linked to the confirmed third-party data breach incident.
The breach is said to have affected multiple Fortinet customers across the Asia-Pacific region. According to several sources, the incident took place last month.
The company also stated that there’s no evidence so far that the incident has led to any malicious activity affecting customers, and confirmed that Fortinet’s operations, products, and services remain unaffected.
“To-date there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted,” the statement added.
It further explained that the breach didn’t involve data encryption, ransomware deployment, or access to Fortinet’s corporate network, and that the company immediately implemented protective measures.
Due to what Fortinet described as the limited scope of the incident, the company said it doesn’t “currently believe that the incident is reasonably likely to have a material impact to our financial condition or operating results.”
Fortinet, valued at US$60 billion, is the 3rd-largest cybersecurity company after Palo Alto and CrowdStrike.