Cyber Incident Victim: Entrust

Date: Jun 2022

Location: United States of America

Summary

A digital security firm specializing in identity management and authentication services suffered a cyberattack involving unauthorized network access and data theft from internal systems. The breach, attributed to a ransomware operation that leveraged compromised credentials, raised concerns due to the company's role in providing encrypted communications and secure solutions to numerous sensitive organizations, including multiple US government agencies. While the investigation found no evidence of operational or product security compromise, stolen corporate data remained a significant risk. The attackers employed tactics consistent with double-extortion strategies, though encryption impacts were unconfirmed. The victim engaged external cybersecurity experts and law enforcement but withheld further attack details.

Description

On June 18, 2022, digital security firm Entrust detected unauthorized access to systems supporting its internal operations. The company initiated an immediate investigation but did not publicly disclose the breach until July 6, when it notified customers via a security letter from CEO Todd Wilkinson. Entrust confirmed data theft from internal systems but stated its ongoing investigation had found no evidence that product functionality or security was compromised. The breach impacted systems handling corporate operations, though the specific data categories stolen—whether solely corporate information or including customer and vendor data—remained undetermined as of the July 6 notification. Entrust engaged a leading cybersecurity firm and law enforcement to investigate the incident while maintaining normal service operations.

BleepingComputer reported on July 22, 2022, that a ransomware group purchased compromised credentials to breach Entrust’s network, according to AdvIntel CEO Vitali Kremez. The attackers executed data exfiltration, with ransomware operational tactics suggesting potential double-extortion attempts, though Entrust did not confirm whether file encryption occurred. The company declined to identify the threat actors or disclose ransom demands. Potential consequences were significant given Entrust’s client base, which included multiple U.S. federal agencies such as the Departments of Energy, Homeland Security, Treasury, and Veterans Affairs, among others. Entrust’s remediation efforts continued beyond the initial July 6 disclosure, with no further public updates on investigation outcomes or data exposure specifics by the time of media reporting.
