Cyber Incident Victim: Landesk
Date: Jun 2014
Location: United States of America
Summary
An IT automation firm experienced a breach involving unauthorized access to its network over an extended period, discovered after employees reported performance issues. Attackers compromised credentials of domain administrators, potentially exposing employee personal information and exfiltrating source code and build server data. The intrusion enabled threat actors to systematically archive and transfer proprietary software assets, raising concerns about potential backdoors in widely deployed management products. While the company stated no confirmed compromise of customer environments or identified exploits targeting its software, the theft of intellectual property could facilitate vulnerability discovery in its solutions. The incident prompted internal investigations and forensic analysis, with limited employee notifications regarding possible data exposure.
Description
On November 18, 2015, LANDESK, an IT automation software provider based in South Jordan, Utah, notified current and former employees of a data breach potentially exposing their personal information, including names and Social Security numbers. The company detected unusual activity on its systems and initiated safeguards and an investigation with a computer forensics firm. According to an anonymous employee, the breach was discovered after coworkers reported slow Internet speeds and a developer identified unauthorized access to his build server by someone impersonating IT personnel. System logs revealed the initial intrusion occurred 17 months earlier, in June 2014. Investigators determined attackers compromised the passwords of LANDESK’s global IT director in Utah and a domain administrator in China, enabling prolonged access to critical infrastructure.

Attackers methodically archived data from LANDESK’s build and source code servers over 17 months, uploading it to the company’s own web servers for exfiltration. The theft of source code raised concerns about potential backdoors in LANDESK’s software—used by thousands of customers worldwide for systems management, endpoint security, and device administration—and the possibility of attackers exploiting undiscovered vulnerabilities. LANDESK confirmed no customer data compromises but acknowledged a "small amount" of employee personally identifiable information might have been accessed. The company notified potentially affected employees and emphasized ongoing investigation, declining to confirm breach timelines or source code theft specifics. In a public statement, LANDESK asserted no confirmed risks to customer environments or known attack vectors leveraging its software but advised customers to review security best practices.
