Fortinet: Breach Of Cloud Environment Impacts ‘Small Number’ Of Customers

A threat actor accessed ‘a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive,’ the security vendor says.

Fortinet confirmed Thursday that it suffered a breach of its cloud storage environment that impacted customer data.

The cybersecurity vendor characterized the incident as having minimal impact, however, saying the number of files accessed was “limited” and affected data from a “small number” of customers.

[Related: 10 Major Cyberattacks And Data Breaches In 2024 (So Far)]

The breach was earlier reported by Australia-based publication Capital Brief, which indicated that Asia-Pacific customers were among those impacted in the incident.

In response to an inquiry from CRN Thursday, Fortinet did not specify where the affected customers are located, what specific data was impacted or when the incident occurred.

In a statement Thursday, the company disclosed that an “individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive.”

The accessed files “included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate,” the company said.

Fortinet added that so far, “there is no indication that this incident has resulted in malicious activity affecting any customers.”

“Fortinet’s operations, products, and services have not been impacted,” the company said.

According to a BleepingComputer report, a threat actor has claimed on a hacker forum to have stolen a significant amount of data from Fortinet’s Microsoft Sharepoint server, based in the Azure cloud, and has claimed to have posted the stolen data after Fortinet declined to pay a ransom demand. CRN has reached out to Fortinet for comment on the report.

As of this writing, it did not appear that Fortinet had filed a breach disclosure with the U.S. Securities and Exchange Commission. Such filings are only required for publicly traded companies when they have suffered an incident with a significant impact, though some companies have adopted the practice of voluntarily filing breach disclosures with the SEC.