Security firm OneLogin, which provides single sign-on and other identity and authentication products, has suffered a data breach that it says likely affects all of its customers served by its data center in the United States.
In an email sent to customers, the company said that customer data was possibly compromised, but it didn’t specify what kind of data was affected.
“Today we detected unauthorized access to OneLogin data in our US data region. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount,” Alvaro Hoyos, CISO of OneLogin, said in a post explaining the incident.
In the email to customers, the company said it is still trying to determine exactly what happened and won’t be releasing any further details right now.
“Because this is still an active investigation involving law enforcement, there are certain details we can’t comment on at this time. We understand how frustrating this might be and thank you for your patience while we continue this investigation,” the message says.
OneLogin has pointed customers to a support page that instructs them on how to deal with the breach, including having users change their passwords, creating new certificates, and creating new OAuth tokens. The company has a wide range of customers, and its site lists a number of colleges, school systems, law firms, and technology companies among its enterprise customers.
CC By-SA image by NASA.