Fortinet clarified that this incident was not a ransomware attack but rather a straightforward theft of data.

CloudSEK's threat intelligence report indicated that the leaked data included sensitive customer information, financial documents, marketing data, and HR records.

While the exact number of impacted customers has not been disclosed, Fortinet has communicated directly with those affected.

Fortinet has engaged an external forensics team and notified law enforcement and cybersecurity agencies worldwide about the breach.

In response to the breach, Fortinet has implemented additional internal processes, including enhanced account monitoring and threat detection measures.

The full extent of the compromised data is still unclear, but it is believed to include documents related to a small subset of Fortinet's customers.

The breach serves as a reminder of the risks associated with using SaaS and cloud services without adequate security measures.

On September 13, 2024, Fortinet confirmed a data breach involving unauthorized access to customer data, with a hacker claiming to have stolen 440GB of files from its Microsoft SharePoint server.

The hacker, known as 'Fortibitch', demanded a ransom from Fortinet, which the company refused, leading to the hacker leaking the data.

The breach reportedly involved a limited number of files stored on a third-party shared cloud drive, affecting less than 0.3% of Fortinet's customer base.

This incident may contribute to reputational harm for Fortinet, a company that has faced multiple security challenges in 2024, including critical vulnerabilities in its software.

Despite the breach, Fortinet reassured stakeholders that its operations, products, and services remain unaffected and that there is no indication of malicious activity impacting customers.