Security News > 2024 > September > Fortinet confirms data breach after hacker claims to steal 440GB of files

Fortinet, a leading cybersecurity company, has confirmed a data breach after a threat actor, using the alias "Fortibitch," claimed to have stolen 440GB of data from its Microsoft SharePoint server hosted on Azure. Fortinet provides secure networking products like firewalls, routers, and VPNs, alongside services like SIEM, EDR/XDR, and consulting. The breach was first reported on a hacking forum, where the attacker shared credentials to an S3 bucket allegedly containing the stolen files. While the threat actor attempted to extort Fortinet, the company refused to pay the ransom.
Fortinet has acknowledged that a limited amount of customer data was stolen from a third-party cloud-based file drive. However, the company did not disclose the exact number of customers affected or the type of compromised data. Fortinet later updated its website, clarifying that less than 0.3% of its customer base was impacted and that no malicious activity had been directed toward these customers as a result of the breach. Additionally, Fortinet assured that the incident did not involve ransomware, data encryption, or unauthorized access to its corporate network.
This breach follows a similar incident in May 2023, when a threat actor claimed to have accessed Fortinet's Panopta GitHub repositories and leaked data on a Russian-speaking hacking forum. Fortinet has communicated with affected customers but has not provided further details about the breach in response to follow-up inquiries.
News URL
Related news
- StreamElements discloses third-party data breach after hacker leaks data (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- Data breach at Japanese telecom giant NTT hits 18,000 companies (source)
- PowerSchool previously hacked in August, months before data breach (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)
- Western Alliance Bank notifies 21,899 customers of data breach (source)
- Sperm donation giant California Cryobank warns of a data breach (source)
- Pennsylvania education union data breach hit 500,000 people (source)
- Oracle denies breach after hacker claims theft of 6 million data records (source)