Accellion, a California based software company, has agreed to pay $8.1 million for failing to protect the information of its customers stored on its File Transfer Appliance (FTA) from hackers.
Initially, as soon as a PIL was filed by a legal representative of some victims, the company denied all the allegations. But it agreed to settle the loss for $8.1million incurred to the customers in the form of notices, claims and admin costs.
Note 1-In Dec’2020, a zero day vulnerability caused hackers to breach the network of Accellion leaking sensitive information such as social security numbers, driving license numbers, healthcare data, contact info and names related to clients including Shell, The University of California, Stanford University School of Medicine, Bombardier, University of Miami Health, Trillium, Community Health Plan and Kroger.
Note 2- The Company that specialized in offering secured File Transfer Appliance (FTA) service for over 20 years was about to switch to a new cloud based service dubbed Kiteworks from April 2021.
Note 3-But a hacking group named FIN11 linked to Clop Ransomware Group succeeded in exploiting the vulnerabilities of the legacy file transfer solution provider and managed to steal a sizeable amount of information to demand a ransom in exchange of the stolen data and a decryption key.
Note 4- In order to avoid legal trouble, the company has agreed to settle for data breach compensation worth $8.1 million with no obligations on a further note.