“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said in a statement, adding that the company had not found evidence that its services or customer data were accessed. “Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”
Microsoft disclosed in a blog post Thursday that more than 40 of its customers across eight countries were running the software impacted by the hack, with 80% of them in the United States. Microsoft is working to notify the organizations affected, its president, Brad Smith, said in the post.
“Every organization [and] company should be concerned because they must assume their networks are breached and the adversary is monitoring and observing their actions,” Kiersten Todt, a former cybersecurity official in the Obama administration and managing director of the Cyber Readiness Institute, told CNN Business.
“Companies will need to do clean-up similar to a hurricane,” she added. “It is going to be expensive and extensive — companies are going to have to identify what has been breached and what, if anything, remained stable.”
Comcast said in a statement it is “conducting a thorough internal review” to investigate its systems for any sign of compromise, but doesn’t have reason to believe its data has been compromised.
Likewise, Visa conducted an internal review and said it was in the clear for now. “Security is paramount at Visa and we will continue to monitor the situation closely,” the company said in a statement.
AT&T, which owns CNN’s parent company WarnerMedia, declined to comment. McDonald’s and Mastercard did not immediately respond to requests for comment.
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.