Information security specialists reported that Palo Alto Networks, a major security firm based in California, US, has fallen victim to a data breach that exposed the personal information of former and current employees. The compromised data includes details such as names, dates of birth, and employee social security numbers.
In a private email sent to its employees and users, the company claims that the incident occurred due to security errors at an external service company, adding that the contract with that company, whose name was not disclosed, has been dissolved. This decision, made by Nikesh Arora, CEO of Palo Alto Networks, generated controversy in the cybersecurity community, as it is not a measure used in these kinds of incidents.
Although the incident relates to a database that stored company employee details, information security specialists believe that incidents of this kind alarm the more than 60k Palo Alto Networks customers, spread across more than 150 countries. The firm currently has capital close to $22 billion USD, although a computer security incident could jeopardize its current level of revenue due to possible fines for non-compliance with data protection laws.
The specialized platform Business Insider obtained the testimony of a former employee who preferred to remain anonymous. In his statement he mentions that the company informed current and former employees that their information had been exposed, stating that the incident had gone undetected for months, giving hackers time to complete their malicious task.
Like the provider concerned, Palo Alto Networks declined to say whether the compromised information had been leaked on any dark web forum. Further reports are expected from the company.
Speaking to Business Insider, a spokesman for Palo Alto said: “On February 2nd we detected that the information of seven employees was exposed by a third-party provider. Our teams took immediate steps to remove any form of access to this information and terminate the contract with the responsible company.”
However, information security specialists at the International Cyber Security Institute (IICS) believe that Palo Alto is betraying the trust of its former and current employees by concealing information related to this incident, mainly the name of the company responsible for exposing confidential information.