[BreachExchange] Palo Alto Networks hit by data leak

Destry Winant destry at riskbasedsecurity.com
Fri Nov 29 09:54:37 EST 2019


https://www.techradar.com/news/palo-alto-networks-hit-by-major-data-breach

The cybersecurity firm Palo Alto Networks has admitted that it
suffered a data breach which resulted in the personal data of both
past and current employees being leaked online.

Business Insider, who broke the story, was first made aware of the
breach by a former employee of the company that wished to remain
anonymous.

After the news outlet spoke with Palo Alto Networks, the company
confirmed that the personal information of around seven current and
former employees was “inadvertently” posted online by an external
contractor back in February.

Facebook app data exposed by third-party developers
Supply chain attacks: when things go wrong
Russia's Sberbank hit with huge data leak

Third-party vendor

According to Business Insider, the names, dates of birth and social
security numbers of the employees were shared online by a third-party
vendor. However, Palo Alto Networks did not reveal the name of the
external company or say where the details had been leaked.

A spokesperson for the cybersecurity firm provided more details on the
incident to Business Insider, saying:

"We took immediate action to remove the data from public access and
terminate the vendor relationship. We also promptly reported the
incident to the appropriate authorities and to the impacted
individuals. We take the protection of our employees' information very
seriously and have taken steps to prevent similar incidents from
occurring in the future."

At this time, it is still unclear as to whether the personal data of
Palo Alto Networks' employees was leaked accidentally or if the party
responsible for leaking the data did so maliciously.


More information about the BreachExchange mailing list