On Thursday, cybersecurity giant Fortinet disclosed a breach of customer data.
In a statement posted online, Fortinet said the intruder accessed “a limited number of files” stored on a company-owned, third-party shared cloud drive that contained data from “less than 0.3%” of its customers. The company said the incident “did not involve encryption of data, deployment of ransomware, or access to Fortinet's corporate network.”
Based on the company's most recent full-year revenue, Fortinet has “more than 500,000 customers,” suggesting the breach could affect at least 1,500 of Fortinet's corporate customers.
The breach was first reported by Bleeping Computer, which quoted a threat actor on a popular cybercrime forum claiming to have stolen 440GB of Fortinet customer files, a listing also confirmed by TechCrunch.
Fortinet did not immediately respond to a request for comment, which included several questions about the breach.