US cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.
In a brief statement Thursday, CISA said it was responding to a “recent compromise” at Sisense, which provides business intelligence and data analytics to businesses around the world.
CISA said it urges Sisense customers to “reset credentials and secrets potentially exposed or used to access Sisense services” and to report any suspicious activity involving the use of information to the agency. compromised identification.
The exact nature of the cybersecurity incident is unclear.
Founded in 2004, Sisense develops business intelligence and data analytics software for large enterprises, including telecommunications operators, airlines and technology giants. Sisense’s technology enables organizations to collect, analyze and visualize large amounts of their enterprise data by directly leveraging their existing cloud technologies and systems.
Companies like Sisense rely on the use of credentials, such as passwords and private keys, to access a customer’s various data stores for analysis.
By accessing these credentials, an attacker could potentially also access a customer’s data.
CISA said it is “taking an active role in working with private sector partners to respond to this incident, particularly with respect to impacted critical infrastructure sector organizations.”
Sisense customers include Air Canada, PagerDuty, Philips Healthcare, Skullcandy and Verizon, as well as thousands of other organizations around the world.
News of the incident first emerged Wednesday after cybersecurity journalist Brian Krebs published a memo sent by Sisense’s chief information security officer, Sangram Dash, urging customers to “rotate all credentials that you use in your Sisense app.”
Neither Dash nor a company spokesperson responded to an email from TechCrunch.
Israeli media reported in January that Sisense had laid off about half of its employees since 2022. It is unclear whether these layoffs had an impact on the company’s security. Sisense has secured nearly $300 million in funding from investors including Insight Partners, Bessemer Ventures Partners and Battery Ventures.
Do you know more about the Sisense breach? To contact this journalist, contact Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.
techcrunch
