Cyber Incident Victim: Transmit Security
Date: Feb 2020
Location: United States of America
Summary
A cybersecurity firm providing authentication services to major financial institutions suffered a breach compromising over a thousand email addresses, phone numbers, and other sensitive information, though the company disputed claims that passwords were affected. Attackers accessed the organization's file-sharing system used for distributing software components to clients, prompting its immediate shutdown. The incident also exposed internal communications and technical assets like binaries, while the firm asserted no proprietary source code leakage occurred and confirmed client application data remained unaffected.
Description
In early 2020, Transmit Security, a cybersecurity firm specializing in authentication services for corporate clients including TD Bank and the First International Bank of Israel, experienced a breach impacting its internal systems. The company notified customers that attackers had compromised its NextCloud file-sharing platform, primarily used to distribute software binaries to clients. According to a researcher referenced in Transmit Security’s breach notification, the incident exposed over a thousand email addresses, passwords, phone numbers, and other sensitive personal information belonging to an unspecified group of individuals. The company later contradicted this assessment in a follow-up communication, explicitly denying that passwords were affected. Transmit Security responded by permanently shutting down its NextCloud instance to contain the intrusion and prevent further unauthorized access.

Beyond personal data, the breach involved unauthorized access to source code, proprietary software binaries, and archived email communications exchanged between Transmit Security and its clients. The researcher’s findings, cited in the initial notification, indicated these materials were exposed through the compromised NextCloud system. However, Craig Currim, Transmit Security’s head of field engineering, publicly disputed the claim regarding source code, asserting it had not been leaked. The company emphasized that no client application data or customer information from its banking or enterprise clients was accessed or exfiltrated during the incident. No additional technical details about the attackers’ methods, timeline of exploitation, or discovery process were disclosed in the available notification materials.
