American cybersecurity firm Palo Alto Networks has suffered a data breach after a third-party vendor accidentally published personal data regarding the firm’s employees online.
The privacy of seven current and former employees of Palo Alto Networks was compromised in the incident, which took place in February of this year. Details shared on the internet for all to see included names, dates of birth, and Social Security numbers, which were contained in a database of company employee details.
News of the breach came to light after a former Palo Alto Networks employee disclosed the breach to Business Insider. The American financial and business news website has kept the identity of the story’s source under wraps.
In their testimony, the former employee said that the incident had been undetected for months.
Palo Alto Networks, which is headquartered in Santa Clara, California, has more than 60,000 customers in over 150 countries. Upon being contacted, the global cybersecurity company confirmed that the breach had taken place and said that the contract with the third-party vendor that inadvertently published the data had been terminated.
The decision to dissolve the contract and send a clear message out to other vendors of what is expected of them was made by CEO of Palo Alto Networks, Nikesh Arora.
A Palo Alto Networks spokesperson said: “We took immediate action to remove the data from public access and terminate the vendor relationship. We also promptly reported the incident to the appropriate authorities and to the impacted individuals.
“We take the protection of our employees’ information very seriously and have taken steps to prevent similar incidents from occurring in the future.”
Precisely which third-party vendor ensnarled Palo Alto Networks in this embarrassing data exposure has been revealed by neither the firm nor—assuming that they were in fact privy to this particular piece of information—Business Insider.
Absent also from the press reports on the incident are exact details of how the breach came to occur. All that’s revealed is that the data was exposed as a result of a security error on the part of the third-party vendor.
It is unknown whether the exposed data ended up on the dark web as a result of the breach.