02-04-2021 , 11:48 PM
The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients.
Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks.
Stormshield is a French publisher of software specialized in computer security, its products are certified and qualified by ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information).
Attackers breached one of the customer support portals and stole information on some of its clients.
The company also admitted that threat actors managed to steal the source code for the Stormshield Network Security (SNS) firewall, which is one of the products certified by the ANSSI to be used in sensitive French government environments.
[i]“Recently, the Stormshield teams detected a security incident that resulted in an unauthorized access to a technical portal used, in particular, by our customers and partners for the management of their support tickets on our products.” reads the data breach notification published the vendor.[/i]
[i]“Personal data and technical exchanges associated with certain accounts may have been consulted.”[/i]
The company reported the incident to the authorities and launched an investigation with the support of the ANSSI agency.
In response to the intrusion, as a precaution, the Stormshild experts reset the passwords of all accounts and enhanced the security measures to protect the portal. The IT staff reviewed all the support tickets and technical exchanges in the impacted accounts and shared the results with the customers.
At the time of this writing, it is not clear the impact of the security breach on government networks.
[i]“Further investigations in the context of this incident have revealed the leakage of some parts of the SNS (Stormshield Network Security) source code.” continues Stormshield.[/i]
Source
Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks.
Stormshield is a French publisher of software specialized in computer security, its products are certified and qualified by ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information).
Attackers breached one of the customer support portals and stole information on some of its clients.
The company also admitted that threat actors managed to steal the source code for the Stormshield Network Security (SNS) firewall, which is one of the products certified by the ANSSI to be used in sensitive French government environments.
[i]“Recently, the Stormshield teams detected a security incident that resulted in an unauthorized access to a technical portal used, in particular, by our customers and partners for the management of their support tickets on our products.” reads the data breach notification published the vendor.[/i]
[i]“Personal data and technical exchanges associated with certain accounts may have been consulted.”[/i]
The company reported the incident to the authorities and launched an investigation with the support of the ANSSI agency.
In response to the intrusion, as a precaution, the Stormshild experts reset the passwords of all accounts and enhanced the security measures to protect the portal. The IT staff reviewed all the support tickets and technical exchanges in the impacted accounts and shared the results with the customers.
At the time of this writing, it is not clear the impact of the security breach on government networks.
[i]“Further investigations in the context of this incident have revealed the leakage of some parts of the SNS (Stormshield Network Security) source code.” continues Stormshield.[/i]
Source