Some information has finally been released regarding a breach of LogicGate that occurred back in February. Until this week, the company had only disclosed the information to their customers who were affected. An attacker gained access to LogicGate’s Amazon Web Services cloud storage server that contained customer information and exfiltrated the decrypted data. A portion of the emails sent to customers by LogicGate said “Only data uploaded to your Risk Cloud environment on or prior to February 23, 2021, would have been included in that backup file. Further, to the extent you have stored attachments in the Risk Cloud, we did not identify decrypt events associated with such attachments.” It is not yet known how the attackers obtained the credentials that were used to login to the cloud server, but as investigations continue the will likely be known in the near future. There are many questions left unanswered and while TechCrunch reached out to LogicGate, they chose not to answer questions. More information will likely be released as investigations continue.
Analyst Notes
It’s unclear at this time how the attackers were able to gain access to the credentials, so until then a proper recommendation cannot be given. Companies using AWS clouds should use passwords that have not been reused on other sites. Enabling multi-factor authentication will also add an extra layer of security that should be mandatory for any account that could access sensitive information. Additional steps on how to secure an AWS cloud can be found on Amazon’s website: https://aws.amazon.com/blogs/security/getting-started-follow-security-best-practices-as-you-configure-your-aws-resources/.
Source: https://techcrunch.com/2021/04/13/logicgate-risk-cloud-data-breach/?&web_view=true
