Risk and compliance startup LogicGate has confirmed a knowledge breach. But until you’re a buyer, you in all probability didn’t hear about it.
An electronic mail despatched by LogicGate to prospects earlier this month mentioned on February 23 an unauthorized third-party obtained credentials to its Amazon Web Services-hosted cloud storage servers storing buyer backup information for its flagship platform Risk Cloud, which helps corporations to determine and handle their threat and compliance with knowledge safety and safety requirements. LogicGate says its Risk Cloud also can assist discover safety vulnerabilities earlier than they’re exploited by malicious hackers.
The credentials “appear to have been used by an unauthorized third party to decrypt particular files stored in AWS S3 buckets in the LogicGate Risk Cloud backup environment,” the e-mail learn.
“Only data uploaded to your Risk Cloud environment on or prior to February 23, 2021, would have been included in that backup file. Further, to the extent you have stored attachments in the Risk Cloud, we did not identify decrypt events associated with such attachments,” it added.
LogicGate didn’t say how the AWS credentials have been compromised. An electronic mail replace despatched by LogicGate final Friday mentioned the corporate anticipates discovering the foundation explanation for the incident by this week.
But LogicGate has not made any public assertion concerning the breach. It’s additionally not clear if the corporate contacted all of its prospects or solely these whose knowledge was accessed. LogicGate counts Capco, SoFi, and Blue Cross Blue Shield of Kansas City as prospects.
We despatched an inventory of questions, together with what number of prospects have been affected and if the corporate has alerted U.S. state authorities as required by state knowledge breach notification legal guidelines. When reached, LogicGate chief government Matt Kunkel confirmed the breach however declined to remark citing an ongoing investigation. “We believe it’s best to communicate developments directly to our customers,” he mentioned.
Kunkel wouldn’t say, when requested, if the attacker additionally exfiltrated the decrypted buyer knowledge from its servers.
Data breach notification legal guidelines fluctuate by state, however corporations that fail to report safety incidents can face heavy fines. Under Europe’s GDPR guidelines, corporations can face fines of as much as 4% of their annual turnover for violations.
In December, LogicGate secured $8.75 million in contemporary funding, totaling greater than $40 million because it launched in 2015.
Are you a LogicGate buyer? Send suggestions securely over Signal and WhatsApp to +1 646-755-8849. You also can ship information or paperwork utilizing our SecureDrop. Learn extra.
