Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party.
The Alameda, California-based wholly owned subsidiary of TPG Capital develops run-time software, middleware, industry-specific software, development tools, and simulation technology. Its product portfolio includes the Wind River Linux operating system and the VxWorks real-time operating system.
A copy of the data breach notification that the company has filed with California’s Attorney General reveals that the newly disclosed security incident took place on or around September 29, 2020.
“Our outside experts recently determined that some of your personal information would have been available within one or more files that were downloaded from our network on or about September 29, 2020,” the letter sent to employees reads.
The company also says it has no indication that the information contained within those files might have been misused, and that it did not find these files being shared online.
Wind River says that the type of personal information compromised might vary, and would include the information stored in the company’s personnel records.
Thus, compromised employee data could include birth dates, driver’s license numbers, national identification numbers, social security numbers, social insurance numbers, passport or visa numbers, health details, and/or financial account information.
Wind River hasn’t provided information on the number of affected employees, or how the attackers were able to compromise its systems.
SecurityWeek has reached out to Wind River for additional information on the security incident and will update this article as soon as a reply arrives.
Related: Over 1 Million Impacted by Data Breach at Washington State Auditor
Related: Australian Corporate Regulator Discloses Breach Involving Accellion Software
Related: Clothing Brand Bonobos Notifies Users of Data Breach
More from Ionut Arghire
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
Latest News
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
