Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party.
The Alameda, California-based wholly owned subsidiary of TPG Capital develops run-time software, middleware, industry-specific software, development tools, and simulation technology. Its product portfolio includes the Wind River Linux operating system and the VxWorks real-time operating system.
A copy of the data breach notification that the company has filed with California’s Attorney General reveals that the newly disclosed security incident took place on or around September 29, 2020.
“Our outside experts recently determined that some of your personal information would have been available within one or more files that were downloaded from our network on or about September 29, 2020,” the letter sent to employees reads.
The company also says it has no indication that the information contained within those files might have been misused, and that it did not find these files being shared online.
Wind River says that the type of personal information compromised might vary, and would include the information stored in the company’s personnel records.
Thus, compromised employee data could include birth dates, driver’s license numbers, national identification numbers, social security numbers, social insurance numbers, passport or visa numbers, health details, and/or financial account information.
Wind River hasn’t provided information on the number of affected employees, or how the attackers were able to compromise its systems.
SecurityWeek has reached out to Wind River for additional information on the security incident and will update this article as soon as a reply arrives.