On Thursday, cybersecurity giant Fortinet disclosed a breach involving customer data.
In a statement posted online, Fortinet said an individual intruder accessed “a limited number of files” stored on a third-party shared cloud drive belonging to Fortinet, which included data belonging to “less than 0.3%” of its customers. The company said that the incident “did not involve any data encryption, deployment of ransomware, or access to Fortinet’s corporate network.”
Based on the company’s most recent full-year earnings, Fortinet has “well over half a million customers,” suggesting that the breach may affect at least 1,500 corporate customers of Fortinet.
The breach was first reported by Bleeping Computer, citing a threat actor who claimed on a known cybercrime forum that they had stolen 440 gigabytes of Fortinet customer files. TechCrunch has also seen the listing.
Fortinet did not immediately respond to a request for comment, which included several questions about the breach.