Fortinet Hit by Third-Party Data Breach

Penka Hristovska
Penka Hristovska Senior Editor
Penka Hristovska Penka Hristovska Senior Editor

A threat actor reportedly gained unauthorized access to a cloud-based file-sharing service used by Fortinet.

The California-based firm, known for offering endpoint security, firewalls, and other services to organizations and agencies worldwide, confirmed this week that one of its third-party vendors has suffered a data breach.

“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate,” a spokesperson for the company said in a statement.

The statement from the company came after the threat actor claimed to have leaked 440 GB of data allegedly stolen from Fortinet’s Azure SharePoint on a hacking forum. It has not yet been verified if this claim is linked to the confirmed third-party data breach incident.

The breach is said to have affected multiple Fortinet customers across the Asia-Pacific region. According to several sources, the incident took place last month.

The company also stated that there’s no evidence so far that the incident has led to any malicious activity affecting customers, and confirmed that Fortinet’s operations, products, and services remain unaffected.

“To-date there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted,” the statement added.

It further explained that the breach didn’t involve data encryption, ransomware deployment, or access to Fortinet’s corporate network, and that the company immediately implemented protective measures.

Due to what Fortinet described as the limited scope of the incident, the company said it doesn’t “currently believe that the incident is reasonably likely to have a material impact to our financial condition or operating results.”

Fortinet, valued at US$60 billion, is the 3rd-largest cybersecurity company after Palo Alto and CrowdStrike.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.

Leave a Comment