Fortinet has admitted that an unauthorized individual accessed cloud-hosted files containing data related to a small number of its customers. The security giant emphasized that the incident was limited and did not impact its operations, products, or services.
According to Fortinet’s blog post, the miscreant gained access to a limited number of files stored on a third-party cloud-based shared file drive. Although the breach involved no data encryption, ransomware deployment, or access to Fortinet’s corporate network, it still resulted in the theft of nearly 440GB of Azure SharePoint files.
The incident did not appear to have any malicious activity directed against Fortinet customers. The company terminated the miscreant’s access to the data and notified law enforcement and select cybersecurity agencies about the incident.
Fortibitch, the individual responsible for posting the stolen data online, claimed that they approached Fortinet for a ransom payment in exchange for not leaking the information but was declined. The business stated that no SEC form 8-K detailing the loss is necessary since the incident did not have a material impact on its financial condition or operating results.
This recent data leak adds to Fortinet’s already troubled year, which has included multiple critical vulnerability disclosures and reported security incidents, such as the toothbrush DDoS attack claim.
Source: https://www.theregister.com/2024/09/13/fortinet_data_loss/