Information regarding cyberattack incident
Security incident in a third-party software program (MOVEit)
We have recently discovered a security incident in a third-party software program (MOVEit) which we use to transfer files to external partners in a secure way, where unauthorized access to a certain limited DESMI data related to few external partners where obtained. We are currently informing the relevant external partners directly about this incident.
As soon as we became aware of the incident, we immediately took steps to secure the system and started investigating the breach.
MOVEit is a standalone system and not part of DESMI core IT infrastructure. We have strong indications that the criminals have not escalated the attack to other DESMI IT services. To ensure evidence we have engaged a leading Danish IT security company to verify our indications. We expect to have a conclusion ready early next week (week commencing 31st July 2023).
The post incident forensic investigation is still ongoing, and the first results support our indication that this security incident is limited to MOVEit and did not affect any other DESMI IT systems and data. The investigation is expected to be completed by Tuesday 1st August 2023, where next update is expected to take place.
The post incident forensic investigation is now completed. The incident was limited to the MOVEit data transfer solution, and no other IT services was compromised by the attack.
No further updates regarding this security incident.
In case you need more information, please do not hesitate to contact DESMI at security (at) desmi.com or Henrik Buss below.