Incidents

Palo Alto suffers data breach. Are its customers’ networks secured?

Information security specialists reported that Palo Alto Networks, a major security firm based in California, US, has become victim to a data breach that led to the exposure of personal information from former and current employees. Compromised data include details such as names, dates of birth, and employee social security numbers.

Through a private email sent to its employees
and users, the company claims that the incident occurred due to security errors
at an external service company, adding that the contract with that company,
whose name was not disclosed, has been dissolved. This decision, made by Nikesh
Arora, CEO of Palo Alto Networks, generated controversy among the cybersecurity
community, as it is not a measure that is used in these kinds of incidents.

Although the incident relates to a database
that stored company employee details, information security specialists believe
that these kinds of inconveniences alert the more than 60k Palo Alto Networks
customers, spread across more than 150 countries. The firm currently has
capital close to $22 billion USD, although a computer security incident could
jeopardize its current level of revenue due to possible fines for non-compliance
with data protection laws.

The specialized platform Business Insider
obtained the testimony of a former employee who preferred to remain anonymous.
In his statement he mentions that the company revealed to employees and former
employees about exposing their information, stating that the incident had been
undetected for months, giving hackers time to complete their malicious task.

Like the provider concerned, Palo Alto Networks
declined to mention whether the compromised information had been leaked in any dark
web
forum. Further reports are expected from the company.

Speaking to Business Insider, a spokesman for
Palo Alto said: “On February 2nd we detected that the information of seven
employees was exposed by a third-party provider. Our teams took immediate steps
to remove any form of access to this information and terminate the contract
with the responsible company.”

However, information security specialists at
the International Cyber Security Institute (IICS) believe that Palo Alto is
betraying the trust of its former and current employees by concealing
information related to this incident, mainly the name of the company responsible
for exposing confidential information.

Comments
To Top

Pin It on Pinterest

Share This