The French data protection authority (CNIL) has issued a statement following Pulse Secure data breach.
Pulse Secure notified CNIL of a data breach caused by a ransomware attack of its virtual private network products. The breach occurred when a vulnerability was exploited where outdated versions of certain products were being used.
CNIL says that the confidential information of more than 900 international organisations had been published at the beginning of August and that such information included, among other things, IP addresses of vulnerable servers, private keys, usernames, passwords and a list of users.
CNIL has recommended that affected organisations should conduct audits of information systems and monitor suspicious activities.
‘Pulse Secure’ may soon change its name.