Ivanti-linked breach of CISA potentially affected more than 100,000 individuals

The Cybersecurity and Infrastructure Security Agency notified lawmakers on Friday that the recent breach of its chemical plant security tool that was linked to flawed Ivanti products potentially affected more than 100,000 individuals, triggering disclosure to Congress under a federal cybersecurity law. 

The size of the breach makes it a “major incident” under the threshold established by the Federal Information Security Management Act. Hackers breached the Chemical Security Assessment Tool (CSAT), which houses information about chemical plant security plans, as well as another CISA system, CISA Gateway, which is a portal for tools to help secure critical infrastructure. The agency said it is also beginning to notify affected people and companies.

A CISA official said there’s no evidence that the hackers stole data after exploiting a vulnerability in Ivanti products, and the breach had no operational impact even though it compelled CISA to take the systems offline.

Leave a Comment