Online trust and identity management giant Entrust has confirmed a security breach by a suspected ransomware gang that accessed data from the company’s internal network.
The Minneapolis, Minnesota-based company discovered the intrusion on June 18 and began notifying potential victims on July 6.
However, the incident only made security headlines when cybersecurity researcher Dominic Alvieri tweeted a security advisory screenshot sent to Entrust customers.
Entrust Security Breach Potentially Impacted Critical Organizations
Entrust is a solutions provider for various organizations, including US government agencies, such as the Department of Homeland Security (DHS), Treasury, Health and Human Services, Energy, Agriculture, and Veterans Affairs.
The company claims around 10,000 customers in 150 countries, including leading private and public companies like Microsoft and VMWare.
These organizations entrust the security provider with critical services such as identity management, user and machine authentication, credential issuance, secure online payments and encrypted communications.
Coincidentally, the Entrust security breach occurred less than six months after another authentication provider, Okta, suffered a security breach in March 2022. That incident affected 366 customers, with the Lapsus$ ransomware gang claiming responsibility.
“While Entrust is a major – and highly credible – player in the global identity and encryption market, recent cyber incidents highlight the challenges of staying ahead of relentless and well-funded cybercriminals,” said Alon Nachmany, CISO of AppViewX.
“The harsh reality is that no one is spared in cyberattacks. Even today’s cybersecurity giants are fallible, and cybersecurity vendors are just as susceptible to costly breaches.”
Threat actors exfiltrated files in Entrust security breach
Entrust has acknowledged that data was stolen from its internal systems, but the nature of the stolen information has not been disclosed.
“We have determined that certain files have been extracted from our internal systems. As we continue to investigate the issue, we will contact you directly if we learn of any information that we believe may affect the security of the products and services we provide to your organization,” said Entrust CEO Todd Wilkinson in the security breach notification.
The security company said it had taken additional steps to strengthen its security and engaged law enforcement and a third-party cybercrime firm.
“Upon becoming aware of the issue, we notified law enforcement and began working with a leading third-party cybersecurity company. While our investigation is ongoing, we have no evidence of continued unauthorized access to our systems and are implementing additional safeguards to help strengthen our security.”
Its preliminary investigation determined that the attack did not compromise the security of its operations and products.
“While our investigation is ongoing, we have found no indication to date that the issue has affected the operation or security of our products and services, which run in separate and isolated environments from our internal systems and are fully operational.”
Ransomware gang bought security credentials used in Entrust security breach
No ransomware gang has claimed responsibility for the June 18 Entrust breach. However, Vitali Kremez, CEO of AdvIntel, told BleepingComputer that a well-known ransomware gang purchased the security credentials used in the attack.
Entrust has not confirmed whether the security breach was a ransomware attack. Negotiations are likely ongoing, and the ransomware gang may have requested anonymity as part of the deal.
Ransomware attacks can cause devastating reputational damage, with some companies choosing to pay to prevent their data from being published on the dark web.
Entrust would likely take this route to prevent the ransomware gang from leaking the data of its high-profile customers on the internet.