Another VPN network provider has been implicated in a breach of security, leaving at least 900 companies vulnerable to cyberattacks and the installation of spyware.
The list of companies includes ‘‘a surprising number of IT firms’, a large hospital, educational institutions, a listed company and companies on government contracts, NPO Radio 1 reported on Sunday, adding it was not publishing their names for security reasons.
News comes days after detailed emerged of a security lapse at Pulse Secure, a leading provider of the VPN networks, which allow workers to work from home.
Pulse was reported to have of vital and security-sensitive companies such as Schiphol, Shell, Boskalis, defence company IAI, as well as the justice ministry and the national air traffic control service.
Despite warnings from IT security watchdog NCSC, the companies failed to install the software developed to close the leak when it was told of the problem in April, leaving security compromised until the end of August. An estimated 140 companies have still not remedied the situation.
It emerged on Monday that a similar leak at Fortigate’s VPN networks had been fixed in May. However, hundreds of other companies and institutions have not had their systems secured.
The NCSC said it was highly likely the leak would be exploited, leading to potentially enormous damage. It warned the companies involved following the revelations, but the watchdog has no legal tools to force companies to take action.
The consequences of the leak are very serious because of the number of companies that provide government service, ESET Nederland CEO Dave Maasland told NPO Radio 1, but he warned that the list contains many small and medium-sized companies who are extra vulnerable because their IT security is less likely to be up to date.
slamservice.info has been free for 13 years, but now we are asking our readers to help. Your donation will enable us to keep providing you with fair and accurate news and features about all things Dutch.
Donate via Ideal, credit card or Paypal.