Fortinet Says Less Than 1 Percent Of Customers Impacted In Breach

The percentage equates to a potential 1,500 customers affected in the compromise of Fortinet’s cloud file-share environment.

Fortinet disclosed that the breach of its cloud file-share environment impacted “less than 0.3 percent” of customers, while noting that it believes the incident isn’t likely to have a significant impact on its business.

The cybersecurity vendor had confirmed earlier Thursday that a threat actor had compromised a cloud environment containing customer data and had gained access to a “limited number of files.”

Following reported claims by a hacker about the incident, Fortinet reiterated its characterization of the impact from the breach as minimal, in a post later Thursday.

The compromise “included limited data related to a small number (less than 0.3%) of Fortinet customers,” the vendor said in the post.

Fortinet had previously disclosed that as of the end of June, its customer count stood at more than 500,000. Based on the percentage of impacted customers mentioned by Fortinet Thursday, the incident may have seen a potential 1,500 customers affected.

CRN has reached out to Fortinet for comment.

In the post Thursday, Fortinet said it expects the breach will not be “material” in terms of impact.

“Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results,” the company said.

According to a note by KeyBanc, reported by Seeking Alpha, analysts at the firm agree that the Fortinet breach is unlikely to have a material impact.

Fortinet has not specified where the affected customers are located, what specific data was impacted or when the incident occurred.

The company said in the post Thursday that there is so far “no indication that this incident has resulted in malicious activity affecting any customers.”

“Fortinet’s operations, products and services have not been impacted, and we have identified no evidence of additional access to any other Fortinet resource,” the vendor said.

In addition, “the incident did not involve any data encryption, deployment of ransomware, or access to Fortinet’s corporate network,” the company said.

Following the attack, Fortinet said it began executing a response plan and “communicated directly” with affected customers.

According to a BleepingComputer report, a threat actor has claimed on a hacker forum to have stolen a significant amount of data from Fortinet’s Microsoft Sharepoint server, based in the Azure cloud, and has claimed to have posted the stolen data after Fortinet declined to pay a ransom demand.

As of this writing, it does not appear that Fortinet has filed a breach disclosure with the U.S. Securities and Exchange Commission. Such filings are only required for publicly traded companies when they have suffered an incident with a “material” impact.