The hacker group “Fortibitch” attempted to extort Fortinet, a major cybersecurity firm, by demanding a ransom in exchange for stolen data. When the company refused to comply, the group published the data online. Fortinet later confirmed that the breach occurred through unauthorized access to a limited number of files on a third-party cloud-based shared file drive.
The data breach affected less than 0.3% of Fortinet’s customers, mostly in the Asia-Pacific region. Fortinet issued a statement emphasizing that there has been no targeted malicious activity toward the affected customers.
Fortinet assured that its core products and services were not impacted by the breach. There was no evidence of ransomware deployment, data encryption, or unauthorized access to the company’s corporate network. Due to the limited number of customers affected, the incident did not result in a significant financial or operational impact on Fortinet. The company acted quickly to notify all affected customers and address the situation.
In response to the breach, Fortinet contacted law enforcement and initiated an investigation, which is still ongoing. To prevent future incidents, Fortinet hired an external forensics team to work alongside its internal experts. The company is committed to improving its security measures, ensuring that such breaches do not happen again.
Fortinet, valued at $60 billion, is one of the largest cybersecurity firms in the US, providing firewalls and endpoint security globally. However, 2023 has been a challenging year for the company, with several security issues arising prior to this recent breach. These issues have raised concerns about Fortinet’s vulnerability despite its reputation in the cybersecurity industry.
Earlier in the year, Fortinet faced three significant security lapses, including critical flaws in its software and operating system. In February, customers were slow to apply fixes, leaving over 100,000 devices exposed to potential exploitation. In June, Chinese hackers breached the Netherlands Ministry of Defense using a previously undetected flaw, compromising thousands of Fortinet devices. These incidents have placed additional pressure on the company to strengthen its cybersecurity defenses.