

SolarWinds was the victim of a cyber-attack where a vulnerability was inserted into its Orion platform. In mid-December 2020, security company FireEye recognized and reported a data breach that included access to the company’s suite of Red Team hacking tools. As the company investigated further into the origin of the attack, the connection to SolarWinds’ Orion IT platform was discovered. Organisations using the compromised Orion platform could potentially have allowed an attacker to move into other parts of their IT network and systems and breach personal data. Organisations should immediately check whether they are using a version of the software that has been compromised. These are versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1. SolarWinds has provided detailed instructions to allow its customers to determine what version of the Orion platform they are running and to enable them to upgrade and resolve the issue. Further details can be found on the SolarWinds website.

Organisations must also determine if the personal data they hold has been affected by the cyber-attack. If a reportable personal data breach is found, UK data controllers are required to inform the ICO within 72 hours of discovering the breach. Reports can be submitted online or organisations can call the ICO’s personal data breach helpline for advice on 03, option 2. Organisations subject to the NIS Regulation will also need to determine if this incident has led to a “substantial impact on the provision” of their digital services and report to the ICO. The National Cyber Security Centre has published guidance for organisations seeking further advice.
