IT security giant Entrust says it’s investigating alleged June data breach
Jonathan Greig July 26, 2022

IT security giant Entrust says it’s investigating alleged June data breach

IT security giant Entrust says it’s investigating alleged June data breach

Identity management giant Entrust said it is still in the process of investigating an alleged ransomware attack that took place in June.

In a statement to The Record, Entrust vice president of communications Ken Kadet said an “unauthorized party” was able to access parts of its system that are used for the internal operations of the company on June 18.

“We promptly began an investigation with the assistance of a leading third-party cybersecurity firm and have informed law enforcement,” Kadet said. 

“While our investigation is ongoing, we have found no indication to date that the issue has affected the operation or security of our products and services, which are run in separate, air-gapped environments from our internal systems and are fully operational.” 

Kadet declined to answer questions about whether the firm experienced a ransomware attack or had data stolen.

But he did confirm that the company has been in contact with some of its customers, which include Microsoft, Mastercard, Visa, and Square, as well as government agencies including the Department of Homeland Security, the Department of the Treasury, the Department of Health & Human Services, the Department of Veterans Affairs, the Department of Agriculture and the Department of Energy. 

Rumors of the attack on Entrust began to emerge last week, when cybersecurity researcher Dominic Alvieri shared a message the company’s CEO sent to customers on July 6 explaining that while the operation and security of their products was not affected by the attack, some files were taken during the incident.

The message Entrust sent to its customers. (Credit: Dominic Alvieri)

A day later, AdvIntel CEO Vitali Kremez told BleepingComputer that a ransomware group “purchased compromised Entrust credentials and used them to breach their internal network.”

Kremez did not say which group was responsible and no group has come forward to take credit for the attack.

Yelisey Boguslavskiy, head of threat research at security company AdvIntel, later told Tech Monitor that “the group behind it is a top-tier actor, most likely close and operationally identical to teams like Cl0p, BlackCat, and, most importantly, Evil Corp infiltration teams.”

Entrust provides security services and identity management tools to larger organizations in the financial, healthcare and government sectors. 

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.