![]() The class action lawsuit accused Accellion of failing to implement and maintain appropriate data security practices to protect its clients’ sensitive data and failing to detect vulnerabilities in the security of its FTA. By February 2021, four additional vulnerabilities associated with the platform were disclosed and issued CVEs. ![]() Many Accellion clients were impacted by the breach, including Shell, The University of California, Stanford University School of Medicine, Bombardier, University of Miami Health, Trillium, Community Health Plan and Kroger.Īccellion identified a zero-day vulnerability in the product in mid-December 2020 and released a patch to address the flaw. Sensitive data potentially compromised and stolen in the incident included names, contact information, dates of birth, Social Security numbers, driver’s license numbers and healthcare data. Before the cyber-attack occurred, Accellion actively phased out the FTA and encouraged its clients to use a newly developed file transfer solution named Kiteworks.įour months before the legacy file transfer solution was due to be retired on April 30 2021, it was attacked by two advanced persistent threat (APT) groups linked to FIN11 and the CLOP ransomware gang.īy exploiting unpatched vulnerabilities in the FTA, the attackers were able to gain access to the files of Accellion’s clients from which they exfiltrated a sizable amount of data. The class action lawsuit was filed on behalf of victims whose personal information was exposed during a cyber-attack on Accellion’s file transfer appliance (FTA).Īccellion had been using the FTA for more than 20 years to securely share files deemed too sensitive or large to be sent over email. ![]() Californian technology company Accellion Inc has reached an $8.1m settlement to resolve a legal claim relating to a data breach in December 2020. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |