The breach has triggered a CISA alert and fear for impacted customers.
What happened
The U.S. Cybersecurity and Infrastructure Agency (CISA) recently issued an alert warning Sisense customers of a data breach. CISA is concerned that the breach could impact other data sources.
Sisense is a massive company based in New York City with roots in Israel. The company is known to have big clients including Verizon, Nasdaq, and Air Canada. The company is also utilized significantly in US healthcare, manufacturing, retail, and technology sectors.
The company is a business intelligence and data analytics platform that allows users to access and analyze large amounts of data. The company utilizes artificial intelligence and machine learning for analysis.
Going deeper
According to Brian Krebs, a trusted cybersecurity investigator, Sisense’s Chief Information Security Officer, Sangram Dash, told customers on April 10th that the company was made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet).”
Little information has been released regarding the breach. Allegedly, the breach started when an attacker gained access to the company’s Gitlab code repository, which contained a token or credential allowing the malicious actors to access Sisense’s Amazon S3 buckets in the cloud. Attackers were then allegedly able to exfiltrate several terabytes of Sisense customer data, including tokens, email account passwords, and more.
According to Krebs, now that the actors have these tokens and bits of data, it may be up to the customers themselves to change their credentials.
Dash has also released further information to Sisense customers specifically, providing guidance on how customers can reset action tokens and other steps that should be taken to prevent a data breach.
What was said
In an alert issued by CISA, the agency advised Sisense customers to “resent credentials and secrets potentially exposed to, or used to access, Sisense services.”
Sisense also released a similar statement saying, “Out of an abundance of caution, and while we continue to investigate, we urge you to promptly rotate any credentials that you use within your Sisense application.”
Dash said Sisense is “taking this matter seriously and promptly commenced an investigation…We engaged industry-leading experts to assist us with the investigation. This matter has not resulted in an interruption to our business operations.”
CISA further added, “CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations.”
The big picture
Sisense services are actively used by critical industries across the world and in the United States. An attack on a supply chain can be devastating because of the number of companies potentially impacted.
Customers who use Sisense should take immediate steps to follow CISA and Sisense guidance.
Both organizations have remained relatively tight-lipped on the breach, and more details are likely to come out later. The number of organizations impacted and the attacking organization have yet to be revealed.
Read more: HIPAA Compliant Email: The Definitive Guide.
Abby Grifno
