Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
France: CNIL addresses data breach of Pulse Secure tool following publication of confidential information of 900 companies
The French data protection authority ('CNIL') issued, on 28 August 2020, a statement following Pulse Secure LLC's notification of a data breach caused by a ransomware attack of its virtual private network products. In particular, CNIL outlined that a vulnerability had been exploited where outdated versions of certain products were being used. In addition, CNIL specified that the confidential information of more than 900 international organisations had been published at the beginning of August and that such information included, among other things, IP addresses of vulnerable servers, private keys, usernames, passwords and a list of users. Furthermore, CNIL recommended, among other things, that organisations update any Pulse Secure tools in use as soon as possible and change passwords used in all systems. CNIL added that organisations should generally conduct audits of information systems and monitor suspicious activities.
You can read CNIL's press release here, the CERT-FR bulletin here, and the Pulse Secure press release here, all only available in French.