Share this article on:
International cyber security giant Fortinet has disclosed that it has suffered a data breach.
Fortinet, behind Palo Alto and CrowdStrike, is the third-largest cyber security firm, with a valuation of US$60 billion.
The California-based firm, which is known for providing endpoint security, firewalls, and more to organisations and agencies all over the world, including Australia, told Cyber Daily that a threat actor gained unauthorised access to a third-party it used.
“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate," said a company spokesperson.
"To-date there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted.”
The incident reportedly affected customers within the Asia-Pacific region.
Speaking with Cyber Daily, Home Affairs confirmed it was aware of the incident but provided no further details.
“The National Office of Cyber Security is aware of reports regarding a potential cyber incident impacting Fortinet and stands ready to assist, if required,” it said.
The nature of the incident is currently unknown.
According to sources speaking with Capital Brief, the incident occurred last month, but Home Affairs only discovered the breach recently.
Fortinet has contributed to Australia’s cyber security environment in a number of ways, most notably of late submitting recommendations for the 2023–2030 Australian Cyber Security Strategy.
“As a global leader in cyber security, Fortinet is well positioned to support the Australian government’s efforts to enhance the nation’s resilience against cyber threats and safeguard its critical infrastructure, businesses, and citizens,” the company’s submission said.
The firm is certified for use by all Five Eyes nations and has invested “heavily in the federal and defence market in Australia, including investment in local capability and cleared resources to ensure that our solutions are built to serve the Australian government,” Fortinet said in its 2021 submission to the government call for views on Strengthening Australia’s cyber security regulations and incentives.
It is not currently known whether any data pertaining to the Australian federal government or any critical infrastructure was compromised as a result of the incident, nor is the identity of the threat actor behind the breach.
Cyber Daily will provide an update to this story as it develops.