CISA shares warning on potentially massive Sisense data breach

12 Apr 2024


Terabytes of Sisense customer data may have been stolen, according to some sources, while CISA has urged customers to reset their credentials as a precaution.

The US Cybersecurity and Infrastructure Security Agency (CISA) said it is responding to a report of a “recent compromise” that impacted business intelligence company Sisense.

The US-based company has developed a global platform to let its customers learn more about their users through data analytics.

CISA said it is collaborating with private industry partners in response to a compromise “discovered by independent security researchers” and has urged Sisense customers to reset their credentials and report any suspicious activity.

“CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organisations,” the agency said. “We will provide updates as more information becomes available.”

The cause and scale of the incident are unclear. Brian Krebs of Krebs on Security shared a message allegedly sent from Sisense’s CISO Sangram Dash, which claimed that company information may have been made available on a “restricted access server”.

Sisense declined to comment to Krebs on Security about the incident, but two sources claim attackers managed to access the company’s GitLab code repository and steal several terabytes of customer data, including access tokens and email account passwords – information that could be used to launch attacks across the company’s supply chain.

The company claims to have various high-profile customers such as Nasdaq, Air Canada, Bioforum and Creditclear. There were also reports that the Israel-founded company laid off a significant number of staff over the past year.

Supply chain attacks

As cyberattacks become more sophisticated, concerns have grown in recent years about attacks on companies that can lead to data being stolen from other customers.

For example, in 2022 one phishing campaign compromised more than 130 organisations by obtaining Okta identity credentials and two-factor authentication codes from users, before mimicking the Okta authentication pages of these organisations.

That same year, Zoom’s head of security assurance Sandra McLeod described supply chain attacks as one of the “biggest challenges” being faced in the IT landscape.

A recent report by the International Monetary Fund (IMF) raised concerns around these types of attacks impacting the financial sector, as the industry is increasingly relying on third-party IT service providers. The IMF warned that these third-party providers could expose banks to “systemwide shocks” in the event of a data breach.


Leigh Mc Gowran is a journalist with Silicon Republic
