U.S. government agencies and private organizations were hit by a “global intrusion campaign” of cyber-attacks that exploited a flaw in an update from a SolarWinds product that many stakeholders use for network management. It’s believed the breach started months ago. Some multifamily firms are likely to have been impacted and should take immediate steps to identify vulnerabilities and secure their systems.
“We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain,” cybersecurity firm FireEye said in a post late Sunday. “This compromise is delivered through updates to a widely-used IT infrastructure management software -- the Orion network monitoring product from SolarWinds.”
The breach could be the worst in many years given that SolarWinds sells products to a wide range of organization hosting highly sensitive data. The State Department, the Centers for Disease Control and Prevention, the FBI, the U.S. military, and 425 corporations out of the Fortune 500 are all listed as SolarWinds customers according to the company’s website and government data.
Government authorities are still getting a handle on the scope of the breach, its list of victims, and if the hackers are still active in victim networks. FireEye provides more details in their analysis here.
NMHC will continue to keep members apprised of data breaches that could impact the industry. To stay up-to-date on all breaches, please subscribe to NMHC Cyber Alerts here
- Legislation that Creates Federal Data Privacy Standard Advances to Senate
- NMHC NAA Data Privacy Letter to Energy and Commerce Committee
- NMHC NAA Comments to FCC on Digital Discrimination
- NMHC NAA Letter on Data Privacy
- Bipartisan Lawmakers Release Federal Data Privacy Bill That Would Have Impact on Multifamily Data Practices