As reported in Reuters earlier this year, Accellion (rebranded to Kiteworks) a US technology company specialising in file sharing and collaboration software, recently reached a settlement worth $8.1 Million to end a litigation process against the company, over data breaches relating to its File Transfer Appliance product. The California based tech company faced allegations it had not properly secured the personal data of millions of people, which left their details vulnerable to hackers and cyber criminals.
The Data Breach
Reports noted that in December 2020 a zero-day security vulnerability was identified in Accellion’s File Transfer Appliance product. The first vulnerability identified made it possible for a hacker to extract data using an SQL injection. Accellion worked to rectify this vulnerability with a patch being released. By February 2021 three further vulnerabilities were also identified.
What personal data was compromised?
The kind of data reported to have been compromised, and subsequently stolen by cyber criminals, included contact information such as names, emails addresses and phone numbers, date of births, driving license numbers and healthcare data, to name a few.
Companies affected by the breach
Numerous Accellion customers were affected by this breach. They range from supermarket chain Kroger to global oil and gas giants Shell. The breach was one of most far reaching of recent years.
Some of the reported victims include:
University of California – In 2021 they were subject to a cyber-attack, they state ‘In connection with the attack, certain UC data was accessed without authorization. We identified on March 29, 2021 that some of this data was posted on the Internet’. investigations are ongoing (University of California)
U.S. Department of Health and Human Services – The HHS reporting tool shows 1.2M patients of Centene Corporation (a leading healthcare provider) and its subsidiaries were included in the Accellion FTA hack.
Kroger – According to Kroger’s website, Kroger confirmed that it was impacted by the data security incident. Accellion’s services were used by Kroger, as well as many other companies, for third-party file transfers. Accellion notified Kroger that an unauthorized person gained access to certain Kroger files by exploiting a vulnerability in its file transfer service.” (Kroger)
Data Encryption is Everything
As Accellion and the victims of the security breach found out, cybercriminals can destroy a company’s credibility and reputation almost overnight. Data breaches are serious and adversely affect how people perceive a company. Technology is moving fast; hackers are coming up with ever more creative ways of stealing data. Companies need to make sure they are prepared, and the technology they choose to protect their data is fit for purpose.
SureDrop – Secure File Sharing by Design
In the wake of many high-profile data breaches, organisations are searching for more secure ways to store and share sensitive information and collaborate with teams. Senetas, one of the world leaders in cybersecurity, has developed a secure file storage, sharing and collaboration platform called SureDrop. The primary function of SureDrop is to enable file-sharing with maximum security and minimal fuss. It has all of the convenience of other box-type solutions, without compromising on security.
SureDrop security features include standards-based encryption, file fragmentation, 100% encryption key ownership and data sovereignty.
Seamless integration with Votiro Cloud adds protection against both known and unknown malware attacks, and persistent zero-day exploits. Its advanced, patented technology addresses the weaknesses of traditional signature-based legacy solutions.
Find out more about SureDrop and how your business can take steps to secure your file sharing and team collaboration.