TLDR:
- An attacker gained access to Fortinet customer data stored on a third-party cloud-based shared file drive.
- The breach exposed a limited number of files related to less than 0.3% of Fortinet customers.
Fortinet, a major cybersecurity company, disclosed a customer data breach that occurred through a third-party file-sharing service. The breach exposed a limited number of files, affecting less than 0.3% of Fortinet customers, out of more than 500,000. Despite the breach, there is no evidence of malicious activity affecting any customers so far. The incident did not involve encryption, ransomware, or impact on Fortinet’s operations, products, or services.
Fortinet has taken steps to contain the breach, including terminating the unauthorized individual’s access, notifying law enforcement, and beginning an investigation. While the root cause and third-party source of the attack have not been disclosed, Fortinet has reassured that the incident will not have a material impact on its financial condition or operating results.
This breach highlights the ongoing threat posed by attacks originating in file-sharing or -transfer services, a common attack vector for cybercriminals. Despite the breach, Fortinet remains a major player in the cybersecurity industry, holding a significant market share globally. The company continues to monitor the situation closely and take necessary measures to address any potential risks.