Fortinet confirms data breach after allegedly refusing to pay ransom

In an announcement posted on Fortinet’s website, the company said that someone gained access to a “limited number of files” stored on its instance of an unnamed third-party cloud-based shared file drive. The files included “limited data related to a small number of Fortinet customers,” the announcement added, stating that this affects less than 0.3% of its user base.

Hundreds of gigs of stolen files

The company then said that its operations have not been impacted by the attack, and that there is no indication it will have malicious consequences affecting its customers. It further clarified that this wasn’t a ransomware attack, but a simple smash-and-grab.

“Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results,” Fortinet concluded, stating the police and a third-party forensics firm were brought in to help investigate.

While Fortinet plays down the importance of the attack, the hackers claim it is a much bigger incident. The Register dug up a new thread on a dark web forum, posted by someone named “Fortibitch”. In the thread, the author claims to have stolen 440GB of Azure SharePoint files from the company, including customer data stolen from an open Amazon S3 bucket.

The author also said they reached out to Fortinet, demanding a ransom payment in exchange for keeping the data private, but the company refused. Finally, they allegedly criticized the company for not filing the 8-K form and notifying its shareholders and customers of the incident.

Via The Register

More from TechRadar Pro

• Thousands of Fortinet devices could face attack following security issue
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now