Accellion
Okay, this one is technically from December 2020 – but the number of people impacted by this unfortunate example of vendor risk is still growing, so it warrants a look.
As profiled by Bloomberg, “Accellion, Inc. provides secure collaboration and managed file transfer solutions. The Company offers productivity, enterprise content, file sharing and synchronization and storage, replacement, and backups and recovery. Accellion serves customers globally.” According to their own website, they have protected more than 25 million end users at over 3,000 global corporations and government agencies.
Unfortunately, that is a lot of end users, and a lot of personal information that could potentially be stolen. And that’s what came to pass: As of last month, the number of victims affected by this breach had reached a shocking 3.5 million. And, as we mentioned, this number is still growing.
The hackers exploited vulnerabilities in Accellion’s FTA (File Transfer Appliance) to expose sensitive and personal data, such as banking and health-related information. The FTA was released roughly twenty years ago to allow organizations to securely share files that were too large to send via email. According to HIPAA Guide, “The data leak site of the Clop ransomware gang was used to publish some of the stolen data to encourage payment of the ransom.”
This has resulted in a number of lawsuits filed against Accellion by victims in California and Washington state courts – and who can blame them? If you’re a company that relied on Accellion, you’re possibly going to suffer a reputational hit as well.