Security Experts:

Connect with us

Hi, what are you looking for?



Embedded Software Developer Wind River Discloses Data Breach

Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party.

Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party.

The Alameda, California-based wholly owned subsidiary of TPG Capital develops run-time software, middleware, industry-specific software, development tools, and simulation technology. Its product portfolio includes the Wind River Linux operating system and the VxWorks real-time operating system.

A copy of the data breach notification that the company has filed with California’s Attorney General reveals that the newly disclosed security incident took place on or around September 29, 2020.

“Our outside experts recently determined that some of your personal information would have been available within one or more files that were downloaded from our network on or about September 29, 2020,” the letter sent to employees reads.

The company also says it has no indication that the information contained within those files might have been misused, and that it did not find these files being shared online.

Wind River says that the type of personal information compromised might vary, and would include the information stored in the company’s personnel records.

Thus, compromised employee data could include birth dates, driver’s license numbers, national identification numbers, social security numbers, social insurance numbers, passport or visa numbers, health details, and/or financial account information.

Wind River hasn’t provided information on the number of affected employees, or how the attackers were able to compromise its systems.

SecurityWeek has reached out to Wind River for additional information on the security incident and will update this article as soon as a reply arrives.

Related: Over 1 Million Impacted by Data Breach at Washington State Auditor

Related: Australian Corporate Regulator Discloses Breach Involving Accellion Software

Related: Clothing Brand Bonobos Notifies Users of Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.