The US Cybersecurity & Infrastructure Security Agency (CISA) reported on April 11 that data belonging to customers of data analytics company Sisense was recently compromised. CISA urged all Sisense customers to change their passwords and report any suspicious activity in their accounts to the agency.
“CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services,” the cybersecurity agency said in its alert.
“CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations. We will provide updates as more information becomes available.”
The chief security officer of Sisense reiterated CISA’s advice. “Out of an abundance of caution, and while we continue to investigate, we urge [our customers] to promptly rotate any credentials that [they] use within [their] Sisense application.”
The CISA alert reflects the potential seriousness of the breach of Sisense customer data. Sisense is a business intelligence software company that has worked with many large American companies whose operations are considered “critical infrastructure.”
Nasdaq, ZoomInfo, Verizon, and AirCanada are among the 2,000 customers Sisense has worked with over the last two decades. Exactly which customers were affected by the recent data breach was not disclosed.
Sisense was founded in Israel in 2004 but is now headquartered in New York City. It also has offices in London and Tel Aviv.
CISA and Sisense did not reveal who may have been behind the cyberattack. Last year, however, a North Korean hacking entity was believed to be responsible for an attack on several critical infrastructure organizations, including two power suppliers — one in the US and one in Europe.