Cybersecurity giant Fortinet confirmed on September 12, 2024 that it suffered a data breach, after a threat actor claimed to steal 440GB of files from the company’s Microsoft SharePoint server. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers” says its blog post. The company further stated that “Fortinet’s operations, products, and services have not been impacted.”
The threat actor, known as “Fortibitch,” claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay.
Fortinet did not disclose how many customers are impacted or what kind of data has been compromised but said that it “communicated directly with customers as appropriate.”
Fortinet is one of the largest cybersecurity vendors in the industry, offering firewalls, routers, VPN devices, extended detection and response, SIEM, network management and consulting services. It employs over 13,500 employees.
Read more about it here.