Fortinet fallout
The world’s third-largest cybersecurity firm faces scrutiny after a data breach, first reported by Capital Brief, saw 440GB of information leaked online. But serious questions remain about the breach’s full impact and scope.
As things stand, there’s no immediate need to panic over the data breach affecting Fortinet — the world’s third-largest cybersecurity firm, which protects a swathe of Australia’s critical infrastructure assets — but the situation increasingly looks like a cause for concern.
Capital Brief first broke the news on Thursday that Fortinet was the target of a data breach. The company initially told us “a limited number of files” related “to a small number of Fortinet customers” had been accessed. That news alone was enough to generate global interest in the story.
But the severity of the breach was soon laid bare. Someone claiming to be the perpetrator, using the alias “Fortibitch”, uploaded 440 gigabytes of data to a hacker forum — the same forum where data from the Optus hack was uploaded. They said they had attempted to blackmail Fortinet and, after the company refused, decided to release the data online.
Fortinet shares fell by more than 4% on the Nasdaq on the news. In a blog post, the company said its operations have not been affected by the breach, nor is there any indication that it has resulted in malicious activity. The breach impacted only a third of a percent of Fortinet's customers — of which there are 755,000 total, according to the company.
