Fortinet Customer Files Accessed in Data Breach

Fortinet has disclosed a data breach in which a hacker gained access to information related to a “small number” of its customers.

Fortinet reported the data breach in a blog. According to Bleeping Computer, a threat actor claimed to steal 440 gigabytes of files from Fortinet's Microsoft Sharepoint server.

“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers,” the company said. “To date, there is no indication that this incident has resulted in malicious activity affecting any customers.”

No Evidence of Data Encryption, Ransomware in Fortinet Data Breach

Fortinet said its operations, products and services have not been impacted, and “we have identified no evidence of additional access to any other Fortinet resource.”

“The incident did not involve any data encryption, deployment of ransomware or access to Fortinet’s corporate network,” it said. “Fortinet immediately executed on a plan to protect customers and communicated directly with customers as appropriate and supported their risk mitigation plans. Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results.”

Related:Fortinet Rolls Out Unified SASE Updates

Fortinet said after identifying the data breach, it began an investigation, contained the incident by terminating the unauthorized individual’s access, and notified law enforcement and select cybersecurity agencies globally.

“A leading external forensics firm was engaged to validate our own forensics team’s findings,” the company said. “Moreover, we have put additional internal processes in place to help prevent a similar incident from reoccurring, including enhanced account monitoring and threat detection measures.”

Akhil Mittal, senior manager of cybersecurity strategy and solutions at Synopsys Software Integrity Group, said this is an “important reminder that no system is fully immune from cybersecurity risk.”

“Fortinet’s quick acknowledgment and communication with affected customers shows they’re actively managing the situation,” he said.

This isn’t the first time Fortinet has been hacked. In 2021, a cybercriminal gang assembled a collection of access credentials for more than 87,000 FortiGate SSL-VPN devices.