At a Glance
LogicGate, a risk and compliance startup, has confirmed a data breach from some particular files stored in their Amazon Web Services (AWS)-hosted cloud. Only customers have been intimated about the breach.
Following an email sent by the startup earlier in late February this year, they attributed the reason behind the breach to an unauthorized “third party”, which had obtained access to their AWS cloud, AWS S3 buckets. The cloud stores customer backup files as a function of LogicGate’s flagship program, Risk Cloud, which assists companies in identifying and managing their risk, compliance, data protection, and other security standards. Risk Cloud hunts down security vulnerabilities before hackers and other malicious programs exploit them to access data.
LogicGate sent the aforementioned information to its customers, where they did not enunciate on how the AWS credentials were compromised. However, the email read, giving some customers a space to breathe,
“Only data uploaded to your Risk Cloud environment on or prior to February 23, 2021, would have been included in that backup file. Further, to the extent you have stored attachments in the Risk Cloud, we did not identify decrypt events associated with such attachments.”
LogicGate further added that it was committed to finding the root cause of the incident by that week. However, no public statement on the breach has been made thus far. There is little clarity on whether the data breach affected all their customers or only the customers they had contacted.
Matt Kunkel, the CEO of LogicGate, confirmed the data breach but was reluctant to comment on it, stating that LogicGate shall be answerable to their customers instead. He also denied answers to questions on whether attackers exfiltrated decrypted customer data from its servers.
Reports state that severe violations in the existing General Data Protection and Regulation (GDPR) guidelines can lead to an acceptable worth €20 million or 4 percent of the company’s turnover in its previous fiscal. Failing to report security incidents can lead to the same punishment being imposed.
Launched in 2015, LogicGate has thus far secured about $40 million in funding.