Fortinet confirms customer data breach
On Thursday, cybersecurity giant Fortinet disclosed a breach involving customer data.
In a statement posted online, Fortinet said an individual intruder accessed “a limited number of files” stored on a third-party shared cloud drive belonging to Fortinet, which included data belonging to “less than 0.3%” of its customers. The company said that the incident “did not involve any data encryption, deployment of ransomware, or access to Fortinet’s corporate network.”
Based on the company’s most recent full-year earnings, Fortinet has “well over half a million customers,” suggesting that the breach may affect at least 1,500 corporate customers of Fortinet.
The breach was first reported by Bleeping Computer, citing a threat actor who claimed on a known cybercrime forum that they had stolen 440 gigabytes of Fortinet customer files. TechCrunch has also seen the listing.
Fortinet spokesperson Stephanie Lira declined to comment and would not answer TechCrunch’s questions about the incident. Lira did not dispute the number of customers’ affected.