Stormshield, a subsidiary of French cybersecurity company Airbus CyberSecurity, released a statement yesterday reporting a data breach that resulted in compromised source code and customer information.
Stormshield provides network security, endpoint security and data security solutions. The company describes itself as a “European leader in digital infrastructure security” and claims to have a presence in more than 40 countries.
In the notice entitled “Security Incident concerning Stormshield”, the company reports that it has recently detected unauthorized access to a technical portal used by customers and partners to manage support tickets related to the company’s products. Attackers may have gained access to “personal data and technical exchanges”.
The company determined that hackers may also have obtained some source code from Stormshield Network Security (SNS), but there is no evidence that the code has been modified or that the products used by customers have been compromised.
In response to the incident, Stormshield notified the affected authorities and customers and decided to reset the passwords for the affected portal, implement additional security mechanisms and replace a certificate used to sign releases and updates for the SNS product.
The French National Information Systems Security Agency (ANSSI), which helped Stormshield in its investigation, also issued a statement in response to the incident. The agency said the attackers apparently also exfiltrated the source code for the company’s Stormshield Network Security Industrial Firewall (SNI).
Stormshield said its operations were not affected.
With international agencies
See the original post at: https://www.cisoadvisor.com.br/subsidiaria-da-airbus-cybersecurity-revela-incidente/?rand=59039