Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to have stolen 440GB of files from the company’s Microsoft SharePoint server. The hacker, known as “Fortibitch,” posted on a hacking forum early this morning, sharing credentials to an alleged S3 bucket where the stolen data is stored, allowing other threat actors to download it.
Fortinet is one of the largest cybersecurity companies in the world, offering secure networking products like firewalls, routers, and VPN devices.
The company also provides SIEM, network management, EDR/XDR solutions, and consulting services. The threat actor claims to have tried to extort Fortinet for a ransom to prevent the public release of the data, but Fortinet refused to pay. In response to inquiries, Fortinet confirmed that customer data was stolen from a “third-party cloud-based shared file drive.”
The company stated that an individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers.
While Fortinet did not initially disclose the number of impacted customers or the specific type of data compromised, it stated that it “communicated directly with customers as appropriate.” Later updates indicate that the incident affected less than 0.3% of its customer base and has not resulted in malicious activity targeting customers.
The company also confirmed that the breach did not involve data encryption, ransomware, or access to Fortinet’s corporate network.
Fortinet’s operations remain unaffected, and services are still running smoothly. Unfortunately, this is not the first time Fortinet has faced a similar incident. Between 2022 and 2023, Chinese hackers allegedly infiltrated networks worldwide, including Fortinet’s, to inject malware.
This breach follows another reported data breach earlier this week involving payment gateway provider Slim CD. The incident may have customers concerned about the safety and reliability of Fortinet’s services, even though it impacted a small group. Data breaches can lead to regulatory scrutiny, potential fines, and costly legal battles.