LOGO

LogicGate Data Breach: Risk and Startup Impact

April 13, 2021
Topics:AmazonAmazon Web ServicesBlue Cross Blue ShieldCapcoCloud Computingcloud storagecomputer securitycomputingdata breachdata securityEuropehealth insurancesecuredropSecuritysecuritysecurity breachesSoFiUnited States
LogicGate Data Breach: Risk and Startup Impact

LogicGate Confirms Data Security Incident

A data breach has been confirmed by risk and compliance technology firm, LogicGate. However, public awareness of this incident has been limited.

Customers were notified via email earlier this month regarding an event that occurred on February 23rd. An unauthorized party successfully gained access to credentials for cloud storage servers hosted on Amazon Web Services.

Details of the Breach

These servers contained backup files for LogicGate’s primary Risk Cloud platform. This platform assists organizations in identifying and managing risks, as well as ensuring adherence to data protection and security protocols.

The compromised credentials were reportedly utilized to decrypt specific files within AWS S3 buckets belonging to the LogicGate Risk Cloud backup environment, according to the notification.

Data potentially affected is limited to information uploaded to the Risk Cloud platform on or before February 23, 2021. Attachments stored within the Risk Cloud were not identified as being subject to decryption events.

Investigation and Response

The method by which the AWS credentials were compromised remains undetermined. LogicGate communicated in a subsequent update last Friday that they expect to identify the root cause of the incident within the current week.

Notably, LogicGate has not issued a public statement concerning the breach. It is also unclear whether all customers were contacted, or only those whose data may have been accessed.

Among LogicGate’s clientele are prominent organizations such as Capco, SoFi, and Blue Cross Blue Shield of Kansas City.

Company Response and Legal Considerations

When contacted, LogicGate’s chief executive, Matt Kunkel, acknowledged the breach but refrained from providing further comment due to the ongoing investigation. He emphasized the company’s preference for direct communication with its customers.

Mr. Kunkel did not confirm or deny whether the attacker successfully removed the decrypted customer data from LogicGate’s servers.

Failure to comply with state data breach notification laws can result in substantial financial penalties for organizations. Under the General Data Protection Regulation (GDPR) in Europe, violations can lead to fines of up to 4% of annual revenue.

Recent Funding

LogicGate recently secured $8.75 million in additional funding in December, bringing its total funding to over $40 million since its inception in 2015.

If you are a LogicGate customer with information to share, please reach out securely via Signal and WhatsApp at +1 646-755-8849. Alternatively, you can utilize our SecureDrop for file and document submissions. Further details are available. 

#LogicGate#data breach#risk management#startup security#cybersecurity incident

Related Posts

NHS England Data Breach Confirmed by Tech Provider

NHS England Data Breach Confirmed by Tech Provider

Cisco Zero-Day Exploit: Chinese Hackers Targeting Customers

Cisco Zero-Day Exploit: Chinese Hackers Targeting Customers

Pornhub Hacked: User Data Extorted by Hacking Group

Pornhub Hacked: User Data Extorted by Hacking Group

Google and Apple Release Emergency Security Updates

Google and Apple Release Emergency Security Updates

700credit Data Breach: 5.6 Million Affected

700credit Data Breach: 5.6 Million Affected

Home Depot Data Breach: Internal Systems Exposed for a Year

Home Depot Data Breach: Internal Systems Exposed for a Year