CGG, a Geoscience Company is Investigating Cybersecurity Incident
The France-based company was recently informed of a cybersecurity incident that took place on a server hosting Accellion software.
Earlier this month Accelion declared that all known vulnerabilities had now been fixed, following “sophisticated cyberattacks” on its legacy file transfer appliance (FTA) software in December and January.
In December 2020 it was discovered that a cyber attacker gained access to Accellion’s client data via a zero-day vulnerability found in its secure file transfer application.
While Accelion initially said the vulnerability was patched within 72 hours, later had to declare that new vulnerabilities were discovered.
The latest public update provided by the company came on the 1st of February and said it had patched all known FTA vulnerabilities exploited by the attackers and that new monitoring and alerting capabilities to flag anomalies associated with these attack vectors were added.
The Geoscience Company CGG declared last week that previously patched vulnerability, exploiting Accellion’s secure FTA, was originally discovered in another Accellion customer environment.
CGG was recently informed of a cybersecurity incident on a server hosting Accellion software.
The vulnerability exploiting Accellion’s secure file transfer application (FTA), before they could find a corrective patch, was originally discovered in another Accellion customer environment.
At CGG, Accellion’s FTA was used on a separate server, isolated from production IT infrastructure. This standalone server had limited use within CGG and was not used to transfer or store personal or commercially sensitive information. There has been no operational or financial impact.
CGG takes Information Security very seriously and will thoroughly investigate the incident in collaboration with Accellion and CGG’s external security partners, to document full details, and identify any potential areas to further reduce future risks.
Should any pertinent information become available as part of the investigation, CGG will notify the relevant parties.
The company will further investigate the incident in collaboration with Accellion and external security partners just to document in full detail and identify any potential areas to further reduce any possible future risks, as well as making sure to notify relevant parties if any information became available.