Cyber Incident Victim: LogicGate
Date: Feb 2021
Location: United States of America
Summary
LogicGate experienced a data breach involving unauthorized access to its AWS-hosted cloud storage servers, where an attacker obtained credentials to decrypt customer backup files from its Risk Cloud platform. The compromised backups contained data uploaded prior to the incident, excluding stored attachments which showed no evidence of decryption. The company has not publicly disclosed the breach's root cause, the method of credential compromise, or whether exfiltration of decrypted data occurred. An internal investigation remains ongoing, with direct communication limited to customers rather than public announcements. LogicGate declined to confirm the number of affected customers or whether regulatory authorities were notified per data breach laws.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 23, 2021, an unauthorized third party obtained credentials to LogicGate's Amazon Web Services-hosted cloud storage servers, which stored customer backup files for its Risk Cloud platform. The Risk Cloud platform assists companies in identifying and managing risk and compliance with data protection standards. LogicGate notified customers via email in early April 2021 that the compromised credentials appeared to have been used to decrypt specific files within AWS S3 buckets in the backup environment. The breach only affected data uploaded to customer Risk Cloud environments on or prior to February 23, 2021. LogicGate clarified that attachments stored within Risk Cloud were not subject to identified decrypt events. The company did not disclose the method by which the AWS credentials were compromised or whether the decrypted customer data was exfiltrated from its servers.

LogicGate initiated an investigation but made no public statement regarding the breach, communicating exclusively through direct customer emails. CEO Matt Kunkel confirmed the incident when contacted by media but declined to provide specifics, citing the ongoing investigation. As of April 13, 2021, the company anticipated identifying the root cause within the following week. LogicGate did not disclose how many customers were affected or whether it had notified U.S. state authorities as required by data breach laws. The incident impacted organizations including Capco, SoFi, and Blue Cross Blue Shield of Kansas City. The breach occurred after LogicGate secured $8.75 million in funding in December 2020, bringing its total raised capital to over $40 million since its 2015 launch.
