/cloudfront-us-east-2.images.arcpublishing.com/reuters/UWMXXA3E6VI5JLNTO72IZSUVWE.jpg "accellion breach")
20 but didn’t immediately alert security teams to install it.
#Accellion breach Patch
The Reserve Bank of New Zealand said on a website dedicated to the breach that Accellion released a software patch on Dec. New Zealand’s central bank reported some of its files stolen in the attack. 12.”Īccellion shared information “over the next few weeks” that helped the office conclude it was affected, Kathleen Cooper, a spokeswoman for the Washington State Auditor’s Office, said in a statement. 1 news release that it “first learned of the incident on Jan. The Washington State Auditor’s Office, which reported that personal data of more than 1 million applicants for unemployment benefits might have been accessed through the FTA tool, said in a Feb. Some customers affected by the hack have offered a different sequence of events. “This initial incident was the beginning of a concerted cyberattack on the Accellion FTA product that continued into January 2021,” the company said. 1, Accellion said it notified “all FTA customers” of the vulnerability on Dec. “Accellion resolved the vulnerability and released a patch within 72 hours to the less than 50 customers affected,” the company said. 12 blog post that it learned in mid-December of a vulnerability in its File Transfer Appliance software, a 20-year-old tool to share large documents. (see: 2 More Breaches Tied to Accellion File Transfer Appliance).Palo Alto, Calif.-based Accellion said in a Jan. Other victims of breaches tied to Accellion's FTA include Singapore telecom company Singtel, Australian medical research institute QIMR Berghofer, the Australian Securities and Investments Commission and the Washington state auditor in the U.S. The bank says it will reveal additional details as the investigation continues.
#Accellion breach zip
The exposed files - individual submissions made by organizations to the FTA - include Word documents, PDFs, zip files and those in other formats.
For security reasons, the bank is not revealing the number of files or more specific details on the information they contained, Orr says. 25 when files were downloaded from the FTA without authorization, the bank reports. The bank eventually applied the patch in early January. "There was a period of five days from the patch on 20 December until 25 December when the breach occurred, during which the bank would have applied the patch if it had been notified it was available," the bank reports in this week's update. But Orr says Accellion never informed the bank the patch was available. Several Accellion FTA clients began reporting incidents starting in mid-December 2020, resulting in Accellion identifying several vulnerabilities and issuing a patch to fix the issue on Dec. The bank closed its connection to FTA when the breach was discovered, with Orr issuing an apology earlier this month for the bank falling short of the security standards its customers expect.Īccellion has issued an end-of-life warning for its FTA product effective April 30, and the company is now attempting to shift its customers over to its newer - and what it believes to be a more secure - Kiteworks platform.
The bank reported in January that hackers had compromised Accellion's File Transfer Appliance, which the central bank used to securely share large data files with stakeholders. "Our core functions remain unaffected, sound and operational," Orr notes. The bank has brought in KPMG to conduct an additional independent review of its systems and processes. The Reserve Bank's investigation found that files removed from the bank's systems exposed data that included personal email addresses, dates of birth and credit information, Orr says. "We have completed our assessment of the files illegally downloaded during the breach and are notifying the organizations whose files contained sensitive information to support them and assist in managing the impact on their customers and staff," says Adrian Orr, the reserve bank's governor. See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
#Accellion breach update
The Reserve Bank of New Zealand issued an update Monday on the data breach it sustained in December 2020, saying it has identified the records that were compromised and offering a timeline of the incident (see: NZ Reserve Bank Governor Says He 'Owns' Breach).
0 kommentar(er)
