Cyber Incident Victim: Informatica Corporation

Date: May 2023

Location: United States of America

Summary

Informatica experienced unauthorized access to files on its technical support FTP server due to exploitation of the MOVEit Transfer vulnerability (CVE-2023-34362), though no products were impacted. The company confirmed files uploaded by customers during a specific period were affected and engaged directly with those impacted while monitoring the situation. The incident highlighted broader cybersecurity risks, including potential system compromises, data breaches, and operational disruptions tied to third-party software vulnerabilities, leading to unplanned resource allocation for remediation and customer communications.

Description

The incident involving Informatica emerged around May 21, 2023, when unauthorized access impacted files uploaded to the company's technical support FTP server, which utilized Progress MOVEit software. This breach stemmed from exploitation of a zero-day vulnerability (CVE-2023-34362) in the MOVEit Transfer application, which third-party attackers leveraged to compromise systems globally. Informatica confirmed the activity occurred between May 21 and June 1, 2023, specifically affecting files transferred via the support FTP server during this 11-day window. The company’s internal security team detected anomalous activity linked to the vulnerability and initiated monitoring and response protocols. No Informatica commercial products or core cloud services were compromised, as the breach remained confined to the support file transfer infrastructure. According to disclosures, the impacted files contained customer-generated data submitted for technical assistance purposes, though the filing omitted specifics regarding data types or volume.

In response, Informatica’s Global Customer Support team directly engaged affected clients regarding the exposure, providing mitigation guidance and incident-specific assistance. Technical personnel prioritized patching the MOVEit vulnerability across relevant systems, conducting forensic investigations to scope the intrusion, and documenting remediation procedures. The company’s SEC filing noted these activities demanded unplanned resource allocations across security, operations, development, and customer success teams, diverting attention from routine operations. Public communication on May 31, 2023, included a Knowledge Base article detailing containment measures and security upgrades implemented post-incident. While immediate financial impacts weren’t quantified, regulatory disclosures acknowledged potential long-term consequences including reputational damage, customer attrition, regulatory penalties, and litigation if data misuse occurred. The breach highlighted systemic risks from third-party software dependencies, with the filing citing previous security incidents involving Apache Log4j (2021) and other vendor vulnerabilities as ongoing operational challenges requiring similar response investments.
