"Chemical Facilities Warned of Possible Data Exfiltration Following CISA Breach"
The US Cybersecurity and Infrastructure Security Agency (CISA) recently revealed that its Chemical Security Assessment Tool (CSAT) was breached by a malicious actor and warned chemical facilities that sensitive data may have been exfiltrated. CISA noted that the attackers exploited a zero-day vulnerability in an Ivanti Connect Secure appliance to infiltrate CSAT from January 23 to 26, 2024. While there is currently no evidence of exfiltration of this data, CISA has informed individuals whose personally identifiable information (PII) was submitted to the program for vetting or who had a Chemical-terrorism Vulnerability Information (CVI) Authorized User account that their information may have been inappropriately accessed. This includes PII of facility personnel and unescorted visitors who had or were seeking access to restricted areas and critical assets at high-risk chemical facilities. These individuals' PII are required to be submitted through CSAT for vetting purposes. PII information potentially exfiltrated by the attackers includes name/aliases, place of birth, citizenship, redress number, and global Entry ID. Account information potentially exfiltrated by the attackers are business names, titles, addresses, and phone numbers.