Fortinet has disclosed a data breach impacting a "small number" of its clients after a hacker, using the alias "Fortibitch," leaked 440GB of customer information on BreachForums. The hacker claimed to have accessed the data from an Azure SharePoint site, following the company's refusal to meet a ransom demand. This incident emphasizes the need for companies to secure data stored in third-party cloud services, cybersecurity experts have noted.
In a statement released on September 12, Fortinet reported that the breach involved unauthorized access to files stored on its cloud-based shared file drive. The company did not confirm the exact source of the breach but reassured that the affected data represented less than 0.3% of its over 775,000 customers—approximately 2,300 organizations. Fortinet also stated that no malicious activity had been detected around the compromised data, and no ransomware or data encryption was involved. The company has since implemented protective measures and directly communicated with impacted customers.
Dark Reading noted that the hacker also leaked financial and marketing documents, product information, HR data from India, and some employee records. After unsuccessful attempts to extort the company, the hacker released the data. There was also a mention of Fortinet’s acquisitions of Lacework and NextDLP, as well as references to a Ukrainian threat group, though no direct connections were identified.
This breach highlights the growing risk of cloud data exposure. A recent analysis by Metomic revealed that more than 40% of sensitive files on Google Drive were vulnerable, with many shared publicly or with external email addresses. Experts stress the importance of using multifactor authentication (MFA), limiting employee access, and regularly monitoring cloud environments to detect and mitigate potential security lapses. They also recommend encrypting sensitive data both in transit and at rest, and enforcing zero-trust principles to reduce the risk of unauthorized access.
