US cybersecurity agency CISA is urging Sisense customers to reset their credentials and sensitive information after the data analytics company reported a security incident.
In a brief statement Thursday, CISA said it was responding to a “recent breach” at Sisense, which provides business intelligence and data analytics to companies around the world.
CISA requires Sisense customers to “reset credentials and sensitive information that may have been exposed to or used to access Sisense services” and report any suspicious activity involving the use of compromised credentials. asked them to report it to the authorities.
The exact nature of the cybersecurity incident is not yet clear.
Founded in 2004, Sisense develops business intelligence and data analytics software for large enterprises, including telecommunications companies, airlines, and tech giants. Sisense's technology allows organizations to directly leverage existing technology and cloud systems to collect, analyze, and visualize large amounts of enterprise data.
Companies like Sisense rely on the use of credentials such as passwords and private keys to access customers' various data stores for analysis. With access to these credentials, the attacker may also be able to access customer data.
CISA said it was “taking an active role in working with our private industry partners to respond to this incident, particularly as it relates to affected organizations in the critical infrastructure sector.”
Sisense counts Air Canada, PagerDuty, Philips Healthcare, Skullcandy, and Verizon among its customers, as well as thousands of other organizations around the world.
News of the incident came Wednesday when cybersecurity journalist Brian Krebs published a memo sent by Sangram Dash, Sisense's chief information security officer, in which he told customers to ” It became clear for the first time when he urged people to “rotate”
Neither Mr. Dash nor a Sisense spokesperson responded to emails seeking comment.
Israeli media reported in January that Sisense would lay off about half of its employees starting in 2022. It's unclear whether the layoffs affected the company's security posture. Sisense has raised nearly $300 million in funding from investors including Insight Partners, Bessemer Ventures Partners, and Battery Ventures.
Want to know more about the Sisense breach? Contact this reporter on Signal and WhatsApp at +1 646-755-8849 or by email. You can also send files and documents via SecureDrop.