France: CNIL addresses data breach of Pulse Secure tool following publication of confidential information of 900 companies
The French data protection authority ('CNIL') issued, on 28 August 2020, a statement following Pulse Secure LLC's notification of a data breach caused by a ransomware attack of its virtual private network products. In particular, CNIL outlined that a vulnerability had been exploited where outdated versions of certain products were being used. In addition, CNIL specified that the confidential information of more than 900 international organisations had been published at the beginning of August and that such information included, among other things, IP addresses of vulnerable servers, private keys, usernames, passwords and a list of users. Furthermore, CNIL recommended, among other things, that organisations update any Pulse Secure tools in use as soon as possible and change passwords used in all systems. CNIL added that organisations should generally conduct audits of information systems and monitor suspicious activities.