Qualys: Breach limited to 3rd-party vendor, but attackers trying to make exposure seem worse

A Qualys booth set up at a trade fair. (Thomas Springer, CC0, via Wikimedia Commons)

Cloud security company Qualys said that follow up investigations have confirmed that the data breach it suffered in late 2020 and early 2021 was limited to customer data housed on third-party service provider Accellion’s file transfer system. However, the company also shared intelligence that the attackers behind the incident are engaging in a tactic to make the exposed data set look more voluminous than it actually is.

In a detailed update posted on the Qualys website April 2, CISO Ben Carr said that an independent, third-party forensic firm has verified the company’s initial determination that the attack did not jump from Accellion’s file transfer appliance server to Qualys’ larger corporate network.

Please register to continue.

Already registered? Log in.

Once you register, you’ll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.

Next post in Data Breach

Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to your account below

Fill the forms bellow to register

Retrieve your password

Please enter your username or email address to reset your password.