Fortinet confirms data breach after allegedly refusing to pay ransom

News
By
published

Someone stole data from Fortinet, but how much?

Image depicting a hand on a scanner
Image Credit: Pixabay (Image credit: Pixabay)

Hackers recently broke into a cloud storage account belonging to cybsersecurity giant Fortinet, and stole sensitive information found there.

The news was confirmed by the cybersecurity business itself, which played down the importance of the incident - however the hackers behind the attack beg to differ.

In an announcement posted on Fortinet’s website, the company said that someone gained access to a “limited number of files” stored on its instance of an unnamed third-party cloud-based shared file drive. The files included “limited data related to a small number of Fortinet customers,” the announcement added, stating that this affects less than 0.3% of its user base.

Hundreds of gigs of stolen files

The company then said that its operations have not been impacted by the attack, and that there is no indication it will have malicious consequences affecting its customers. It further clarified that this wasn’t a ransomware attack, but a simple smash-and-grab.

“Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results,” Fortinet concluded, stating the police and a third-party forensics firm were brought in to help investigate.

While Fortinet plays down the importance of the attack, the hackers claim it is a much bigger incident. The Register dug up a new thread on a dark web forum, posted by someone named “Fortibitch”. In the thread, the author claims to have stolen 440GB of Azure SharePoint files from the company, including customer data stolen from an open Amazon S3 bucket.

The author also said they reached out to Fortinet, demanding a ransom payment in exchange for keeping the data private, but the company refused. Finally, they allegedly criticized the company for not filing the 8-K form and notifying its shareholders and customers of the incident.

Via The Register

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.