Enterprise management software company LANDESK has recently alerted its current and former employees of a breach which might have exposed their personal data, security researchers have uncovered.
The security breach, which was noticed only recently, apparently took place 17 months ago.
It was first reported on by security researcher Brian Krebs, who had said that LANDESK sent a letter a week and a half ago, to current and former employees warning of an intrusion.
“It is possible that, through this compromise, hackers obtained personal information, including names and Social Security numbers, of some LANDESK employees and former Wavelink employees,” the letter states.
In a separate statement published on its website on November 25, 2015, the company said, "LANDESK recently became aware of some unusual activity on our IT systems. With the help of a leading computer forensics firm, we took immediate steps to further enhance our security measures and began conducting a thorough investigation to determine what happened."
"In the course of the investigation, we discovered that some personal information may have been exposed for a few former and current employees. Those employees have been notified, but we have no evidence that any personally identifiable information was exposed for any other employees or for any of our customers. ... We can't comment on the specifics of the investigation, but based on the information we know so far, we have not confirmed a risk to our customers' environments, and there are no known primary attack vectors using LANDESK software."
A LANDESK employee, who decided to speak to Brian Krebs under the promise of anonymity, said the breach dates back to June 2014. He said that the company noticed the intrusion after a couple of employees started complaining about slow internet speeds.
“A LANDESK software developer later found that someone in the IT department had been logging into his build server, so he asked them about it. The IT department said it knew nothing of the issue.”