Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

France: CNIL addresses data breach of Pulse Secure tool following publication of confidential information of 900 companies

The French data protection authority ('CNIL') issued, on 28 August 2020, a statement following Pulse Secure LLC's notification of a data breach caused by a ransomware attack of its virtual private network products. In particular, CNIL outlined that a vulnerability had been exploited where outdated versions of certain products were being used. In addition, CNIL specified that the confidential information of more than 900 international organisations had been published at the beginning of August and that such information included, among other things, IP addresses of vulnerable servers, private keys, usernames, passwords and a list of users. Furthermore, CNIL recommended, among other things, that organisations update any Pulse Secure tools in use as soon as possible and change passwords used in all systems. CNIL added that organisations should generally conduct audits of information systems and monitor suspicious activities.

You can read CNIL's press release here, the CERT-FR bulletin here, and the Pulse Secure press release here, all only available in French.