CISA issues alert on Sisense breach that possibly exposed customer data


An internal company note appears to show some firm info may have been exfiltrated.

Data analytics provider Sisense’s customer data may have been compromised in a breach, and DHS’s Cybersecurity and Infrastructure Security Agency issued an alert about the incident on Thursday.

“CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers” impacting the company, “especially as it relates to impacted critical infrastructure sector organizations,” the agency wrote.

A source familiar with the investigation told CyberScoop the incident may be connected to a broader supply chain attack. The company did not immediately respond to a request for comment.

The firm offers data analytics services across multiple sectors including banking, technology, HR, pharma and healthcare, according to its website. It also services major firms, including Verizon and Nasdaq. Sisense customers are urged to report any suspicious activity “involving credentials potentially exposed to, or used to access, Sisense services,” CISA said.

Independent cybersecurity journalist Brian Krebs posted an image on Wednesday appearing to show an internal alert message from company CISO Sangram Dash. Krebs wrote: “I’m hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants.”

“We are aware of reports that certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet),” the note said. “Out of an abundance of caution, and while we continue to investigate, we urge you to promptly rotate any credentials that you use within your Sisense application,” it added.