The tech company has proposed a settlement that includes $8.1m to cover the claims, notices and administration costs of Accellion FTA users. Plaintiffs also alleged that Accellion failed to disclose the inadequacy of its security practices.

According to documents filed in Californian federal court, Accellion accepts no liability for the breach and has denied all of the allegations. The class action lawsuit accused Accellion of failing to implement and maintain appropriate data security practices to protect its clients’ sensitive data and failing to detect vulnerabilities in the security of its FTA. By February 2021, four additional vulnerabilities associated with the platform were disclosed and issued CVEs. The latest victims are Singapore telecom company Singtel. Many Accellion clients were impacted by the breach, including Shell, The University of California, Stanford University School of Medicine, Bombardier, University of Miami Health, Trillium, Community Health Plan and Kroger.

Accellion identified a zero-day vulnerability in the product in mid-December 2020 and released a patch to address the flaw. Two more breaches have been tied to the vulnerable 20-year-old Accellion File Transfer Appliance. Sensitive data potentially compromised and stolen in the incident included names, contact information, dates of birth, Social Security numbers, driver’s license numbers and healthcare data.

Before the cyber-attack occurred, Accellion actively phased out the FTA and encouraged its clients to use a newly developed file transfer solution named Kiteworks.

Four months before the legacy file transfer solution was due to be retired on April 30 2021, it was attacked by two advanced persistent threat (APT) groups linked to FIN11 and the CLOP ransomware gang.

By exploiting unpatched vulnerabilities in the FTA, the attackers were able to gain access to the files of Accellion’s clients from which they exfiltrated a sizable amount of data.
The Accellion data breach has reportedly affected about 100 of its clients, which includes at least seven healthcare entities in addition to Trinity Health. The class action lawsuit was filed on behalf of victims whose personal information was exposed during a cyber-attack on Accellion’s file transfer appliance (FTA).

Accellion had been using the FTA for more than 20 years to securely share files deemed too sensitive or large to be sent over email.

Two exploits formed the basis for the attack on Accellion’s File Transfer Appliance: one on Decemand another in January 20 2021, both of which were patched by the company within a week.

But in that time, a number of organisations were impacted in Australia, including NSW Health, the Australian Securities and Investments Commission, multicultural broadcaster SBS and law firm Allens.

Californian technology company Accellion Inc has reached an $8.1m settlement to resolve a legal claim relating to a data breach in December 2020. Following this malicious attack, the software application was secured and closed. Since then, Accellion has identified cyber actors targeting FTA customers by leveraging the following additional.

Published date: 28 February 2022

About the breach

In January 2021, we reported a data breach of a third-party file sharing software application, Accellion FTA, that we used to share and store information. In mid-December 2020, Accellion was made aware of a zero-day vulnerability in Accellion FTA and released a patch on December 23, 2020. The spokesperson would not say how many additional customers and employees whose data had been compromised had been uncovered or reveal the total number of individuals impacted by the breach when asked by iTnews. Accellion FTA is a file transfer application that is used to share files.
Notifications were delivered to customers and employees using email or registered mail, depending on what was available, with a dedicated case officer assigned to offer guidance and support to impacted parties. “Following final assurance investigations, TfNSW has identified additional customers and employees who were impacted,” it said last month without revealing how many more people had had their personal data compromised.

A spokesperson told iTnews the agency began “notifying the additional impacted parties in mid-December 2021”, following on from an initial round of notifications in the first half of 2021, and expected the process to continue until early this year. But after completing the investigation, TfNSW has now confirmed that both customer and employee data had been accessed in the data breach and revised up the number of impacted individuals.