Cyber Incident Victim: Stormshield
Date: Feb 2021
Location: France
Summary
A French cybersecurity firm experienced unauthorized access to a customer support portal, resulting in the theft of client information. Attackers also exfiltrated portions of the source code for its government-certified network security firewall product during the intrusion. The compromised firewall solution was authorized for use in sensitive national infrastructure networks, though specific exploitation details weren't disclosed. The incident impacted multiple aspects of the organization's operations, combining data exposure with intellectual property theft.
Description
On or around February 4, 2021, French cybersecurity firm Stormshield disclosed a security breach involving unauthorized access to one of its customer support portals. The intrusion resulted in the theft of client information, though the specific number or identities of affected customers were not detailed in the disclosure. Attackers also exfiltrated portions of the source code for Stormshield Network Security (SNS), the company’s firewall product certified for use in sensitive French government networks. Stormshield confirmed both the data breach and source code theft as part of the same incident but did not specify the exact timeline of the intrusion or the methods used by the threat actor. The compromise of SNS source code raised particular concerns due to its role in securing government infrastructure, though the company did not indicate whether the stolen code segments posed immediate operational risks.

In its public statement, Stormshield emphasized the dual theft of client data and proprietary source code. The company did not describe technical containment measures but confirmed the breach was limited to the customer support portal, with no evidence of further network compromise. No ransomware deployment or public extortion demands were reported in connection with the incident. The breach’s impacts included potential exposure of client information held in the support portal and strategic risks associated with the partial source code theft, which could theoretically aid future attacks against SNS deployments. Stormshield did not disclose whether it notified regulatory authorities or affected clients beyond its initial public statement, nor did it specify remediation steps taken to secure the compromised portal. The incident highlighted vulnerabilities in a critical government supplier’s infrastructure, though no follow-up incidents exploiting the stolen materials were confirmed at the time of disclosure.
