Symantec refuted the claims of exposing the client data

Recent media reports have claimed that the cybersecurity giant Symantec has exposed the confidential data as well as the purported list of their major Australian clients during their demonstration process in Feb. 2019.

As per a report of Guardian Australia, hackers had targeted the Symantec accounts of many large Australian firms and major government departments of Australia. The hackers behind this breach also claims to be responsible for stealing information from Medicare program of Australia, and later posted that data for sale on dark web.

However, contrary to media reports, Symantec said that this is a "minor incident" and involved "an isolated, self-enclosed demo lab in Australia - not connected to Symantec's corporate network - used to [demonstrate] various Symantec security solutions and how they work together".

The incident has not been reported as Symantec concluded that "no sensitive personal data was hosted in or extracted from this demo lab, nor were Symantec's corporate network, email accounts, products or solutions compromised".

As per the claims, the purported clients list who have availed the Symantec's CloudSOC services were extracted by the hackers. That purported clients list includes Australian federal police, universities, major banks, retailers, and insurers, among others. Additionally, the stolen data have also included the passwords and account numbers of Symantec. However, the cybersecurity giant has refuted these claims, citing that these stolen data as false. Symantec said that data contained in exposed system were "dummy e-mails and a small number of low-level and non-sensitive files for demonstration purposes" in a demo lab, which were not used for the production purposes.

"This is an old list of some of the largest public and private entities in Australia - it was in the environment for testing purposes. These entities are not necessarily Symantec customers, nor do we necessarily host services for them," Symantec told Guardian Australia.

Many federal departments have confirmed that they don't use the Symantec's CloudSOC services, as well as do not store their information with Symantec.

A spokeswoman of Symantec said that they treated any kind of cybersecurity incident - irrespective of its severity or scope - with utmost priority, and also takes great caution to comply with laws of countries where they do business all over the world.

» SPAMfighter News - 7/3/2019