Fortinet discloses data breach involving Asia-Pacific customers via third-party service

International cybersecurity leader Fortinet has revealed a data breach stemming from unauthorized access to a third-party cloud-based file-sharing service, impacting some of its Asia-Pacific customers. The California-based firm, with a valuation of US$60 billion, ranks as the third-largest cybersecurity provider globally, following Palo Alto Networks and CrowdStrike. Fortinet supplies endpoint security, firewalls, and other cybersecurity solutions to organizations and government agencies worldwide, including Australia.

In a statement, Fortinet confirmed that a threat actor gained access to a limited number of files on its third-party cloud-based shared drive, compromising data related to a small number of customers. “To date, there is no indication that this incident has resulted in malicious activity that has affected any customers. Fortinet’s operations, products, and services have not been impacted,” a company spokesperson said.

The breach, which affected customers in the Asia-Pacific region, has raised concerns about the potential scope of the incident. The Australian Department of Home Affairs acknowledged it was aware of the breach but provided no further details. “The National Office of Cyber Security is aware of reports regarding a potential cyber incident impacting Fortinet and stands ready to assist if required,” Home Affairs said.

The nature of the breach, including the identity of the threat actor and whether any sensitive government or critical infrastructure data was compromised, remains unclear. According to sources cited by Capital Brief, the breach occurred last month, but Australian authorities only recently became aware of it. While the breach has not affected Fortinet’s overall operations, the incident highlights ongoing challenges for cybersecurity firms in managing third-party service risks.

Fortinet’s strong involvement in Australia’s cybersecurity landscape has been notable, including its contributions to the 2023–2030 Australian Cyber Security Strategy. The firm emphasized its role in safeguarding critical infrastructure and enhancing the nation’s resilience against cyber threats. Fortinet is also certified for use by the Five Eyes intelligence alliance and has invested heavily in Australia’s defense and federal markets.