This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Fortinet

Summary

Fortinet, a global cybersecurity company, confirmed a data breach in September 2024 after a threat actor claimed to have stolen 440GB of customer data from the company's Azure SharePoint instance. Fortinet refused to pay the ransom demand, and the attacker subsequently leaked the data. The breach affected less than 0.3% of Fortinet customers, primarily in the APAC region, potentially including Australian customers.

What Happened

A threat actor known as "Fortibitch" gained unauthorized access to a limited number of files stored on Fortinet's third-party cloud-based Azure SharePoint instance. The attacker attempted to extort Fortinet by demanding a ransom, but the company refused to pay. According to the threat actor, Fortinet stated it would "rather eat poop than pay a ransom." After the ransom refusal, the attacker shared credentials for an S3 bucket that allegedly held the stolen 440GB of data, making it available for other threat actors to download.

Impact on Individuals

The breach primarily exposed Fortinet customer information, with less than 0.3% of customers affected, concentrated in the APAC region. Australian Fortinet customers whose data was in the compromised SharePoint instance may have had contact information and business details exposed. Affected individuals should:

  • Be alert for targeted phishing emails exploiting Fortinet customer relationships
  • Watch for business email compromise attempts
  • Be cautious of scams impersonating Fortinet support or sales
  • Monitor for potential follow-on attacks leveraging knowledge of their cybersecurity infrastructure

Organisational Response

Fortinet confirmed the incident involved unauthorized access through a third-party cloud storage platform (SharePoint) and clarified that it did not involve data encryption, ransomware, or access to Fortinet's corporate network. The company took a firm stance against paying the ransom, in line with the best-practice policy of not negotiating with cyber criminals. Fortinet worked to notify affected customers and implement additional security measures for its cloud file storage systems.
