Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Fortinet confirms data breach after allegedly refusing to pay ransom

Image depicting a hand on a scanner.

Hackers recently broke into a cloud storage account belonging to cybsersecurity giant Fortinet, and stole sensitive information found there.

The news was confirmed by the cybersecurity business itself, which played down the importance of the incident - however the hackers behind the attack beg to differ.

In an announcement posted on Fortinet’s website, the company said that someone gained access to a “limited number of files” stored on its instance of an unnamed third-party cloud-based shared file drive. The files included “limited data related to a small number of Fortinet customers,” the announcement added, stating that this affects less than 0.3% of its user base.

Hundreds of gigs of stolen files

The company then said that its operations have not been impacted by the attack, and that there is no indication it will have malicious consequences affecting its customers. It further clarified that this wasn’t a ransomware attack, but a simple smash-and-grab.

“Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results,” Fortinet concluded, stating the police and a third-party forensics firm were brought in to help investigate.

While Fortinet plays down the importance of the attack, the hackers claim it is a much bigger incident. The Register dug up a new thread on a dark web forum, posted by someone named “Fortibitch”. In the thread, the author claims to have stolen 440GB of Azure SharePoint files from the company, including customer data stolen from an open Amazon S3 bucket.

The author also said they reached out to Fortinet, demanding a ransom payment in exchange for keeping the data private, but the company refused. Finally, they allegedly criticized the company for not filing the 8-K form and notifying its shareholders and customers of the incident.

Via The Register

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.