LANDESK, a Utah-based company that provides IT automation and security management products and services to customers all over the world, has alerted some of its current and former employees that a data breach may have compromised some of their personal information.
LANDESK reportedly sent letters to current and former Wavelink employees informing them of a possible data intrusion, stating that a “few” employees’ personal information may have been compromised by “hackers” and that the exposed information may include their names and Social Security numbers.
LANDESK has been quite tight-lipped about journalistic inquiries into the breach, including those from leading cyber security journalist Brian Krebs, who reported that LANDESK would not comment on questions he posed regarding the breach but provided him with the following statement:
We recently became aware of some unusual activity on our systems and immediately initiated safeguards as a precaution and began an investigation. As part of our ongoing investigation in partnership with a leading computer forensics firm, we recently learned that a small amount of personally identifiable information for a limited number of our employees may have been accessible during the breach. While no data compromises of personally identifiable information are confirmed at this point, we have reached out with information and security resources to individuals who may have been affected. The security of our networks is our top priority and we are acting accordingly.
The few employees who may have been affected were notified promptly, and at this point the impact appears to be quite small.
However, according to Brian Krebs’s report, an unnamed LANDESK employee claimed that the breach occurred as far back as June 2014 and was ongoing until the end of 2015. Krebs’s confidential source was quoted as saying:
LANDESK has found remnants of text files with lists of source code and build servers that the attackers compiled. They know for a fact that the attackers have been slowly [archiving] data from the build and source code servers, uploading it to LANDESK’s web servers, and downloading it.
If the information from Krebs’s confidential source is true, the breach could have wide-ranging consequences for LANDESK, its employees and, more importantly, its worldwide customers. If these hackers did in fact create a back door to LANDESK’s source code and used it for a year and a half, these cyber criminals could seamlessly hack into the computers and servers of LANDESK and, moreover, of its customers, potentially inserting highly specialized malware designed from the knowledge the long-term LANDESK hack would have provided them.
It is not surprising that LANDESK would not respond to these allegations, neither confirming nor denying the assertions of the confidential employee in the Krebs report, and merely stating that the company “would not comment on speculation” and that the incident is under ongoing investigation.
It did, however, post a statement to its website. In the statement, LANDESK reiterated that the company had recently determined with the help of a leading forensics firm that:
In the course of the investigation, we discovered that some personal information may have been exposed for a few former and current employees. Those employees have been notified, but we have no evidence that any personally identifiable information was exposed for any other employees or for any of our customers.
Given the recent online speculation about the security of our product, we want to reassure you about the security of our products and provide some best practices to help you increase your security posture if needed. We can’t comment on the specifics of the investigation, but based on the information we know so far, we have not confirmed a risk to our customers’ environments, and there are no known primary attack vectors using LANDESK software.
The statement goes on to say that security is the company’s highest priority, lists its recommendations to clients on IT security best practices, and includes a link for “other recommendations, including recommendations specific to the LDMS Core, see: Securing LANDESK Environment Best Practices.”
Naturally, there will be a lot of interest in the cyber security industry, to say the least, in what the completed LANDESK investigation reveals.
Additional Resources About This Breach:
http://krebsonsecurity.com/category/data-breaches/
http://www.securityweek.com/it-management-firm-landesk-suffers-data-breach
http://www.databreaches.net/breach-at-it-automation-firm-landesk/
http://www.itproportal.com/2015/11/30/landesk-hacked-customer-data-may-have-been-stolen/