Comment - Whistle-blower claims Ubiquiti Networks data breach was ‘catastrophic’
A story has broken overnight which found that a whistle-blower involved in the response to a data breach suffered by Ubiquiti Networks has claimed the incident was downplayed and could be described as "catastrophic." On January 11, the networking equipment and Internet of Things (IoT) devices provider began sending out emails to customers informing them of a recent security breach. The company said that someone had obtained "unauthorized access" to Ubiquiti systems hosted by a "third-party cloud provider," in which account information was stored for the ui.com web portal, a customer-facing device management service.
The comment from Richard Hughes, Head of Technical Cyber Security at A&O IT Group:
“The statement from a whistleblower that Ubiquiti Networks downplayed a cyber attack risking the security and potentially safety of their clients to protect their stock value is deeply concerning and if proven true must be met with the most severe penalties to serve as an example to other organisations that this is not acceptable behaviour. When faced with cybersecurity risk it is important to act quickly to remediate issues and protect your environment, but Ubiquiti customers may not have been afforded this option if these claims are true. It is not clear if the whistleblower has provided any evidence to back the claims and so it is impossible to draw any conclusions at this time as to the validity of this claim but some organisations will find it acceptable to prioritise their interests ahead of those of their customers, but this is ill-advised. This behaviour is at best unethical and in many cases illegal and has the potential to do far more damage to the reputation and therefore the stock value of an organisation than open and honest disclosure.”