Sisense's data breach is serious enough that CISA is investigating. Here's what you need to do
Companies around the world need to act quickly after another major security breach hit a company that provides critical data analytics and visualization tools to a slew of organizations.
Earlier this week, Sisense confirmed that the data dashboard and analytics company had been hit with a breach that allowed hackers to access its customers' data. While Sisense has been somewhat tight-lipped about the exact nature and extent of the attack, security site KrebsonSecurity cited sources who said that the attack appears to have allowed hackers to steal terabytes worth of customer data, "which apparently included millions of access tokens, email account passwords, and even SSL certificates."
Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online
This is likely why the US government is taking the attack so seriously. The US Cybersecurity and Infrastructure Security Agency (CISA), which acts to protect critical US infrastructure against cybersecurity threats, issued an advisory on the matter this week, and said that it's working with other companies in the industry to mitigate any potential problems the breach could spur.
"CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations," the agency said. "We will provide updates as more information becomes available."
Also: CISA: Do these three things to toughen up your network against hackers
Sisense has more than a thousand customers across the globe, including organizations in health care, technology, and government. The company provides a range of services to its customers, including the ability to load up all of their data into Sisense and use the company's tools to create dashboards and run analytics to gain insights. In other words, stolen user credentials aside, Sisense also has a nearly endless supply of important data that its customers would certainly not want hackers to access.
While details on how the hackers obtained the data haven't been released, KrebsonSecurity cited multiple sources who said hackers accessed Sisense's GitLab code repository that contained credentials for Sisense's Amazon S3 account, where the hackers were able to steal all the data. The sources didn't say who may have been behind the attack.
CISA's involvement in the breach, however, sets a decidedly ominous tone. While Sisense said in a statement that the company is "taking this matter seriously and promptly commenced an investigation," there's little the company can do now that the data has been stolen.
Indeed, in a statement on Thursday, Sisense provided detailed instructions for customers on how to address the breach: "We are following up on our prior communication of April 10, 2024, regarding reports that certain Sisense company information may have been made available on a restricted access server. As noted, we are taking this matter seriously and our investigation remains ongoing. Our customers must reset any keys, tokens, or other credentials in their environment used within the Sisense application."
Also: Were you caught up in the latest data breach? Here's how to find out
Sisense added that customers should engage in a range of activities, including changing passwords, logging out of Single Sign-On accounts, rotating Web access tokens, resetting user parameters, and more.
This story is likely far from over and we'll be watching what's next for Sisense and its customers. For now though, if your company uses Sisense, you should move swiftly to follow its advice and stay vigilant in the coming weeks and months as the data is likely exploited.