everythingpossible - Fotolia

Imperva CEO steps down following breach investigation

Chris Hylen unexpectedly stepped down as CEO of Imperva in the wake of a data breach involving cloud WAF customer data, though it's unclear if the two events are connected.

Imperva CEO Chris Hylen resigned as of Oct. 21, less than two weeks after the company's latest update into a data breach that occurred in August.

It is unclear if the data breach had anything to do with Hylen stepping down, but the timing leads to questions. Imperva first learned of the security incident on Aug. 20. In the breach, cloud web application firewall customer data was stolen, including email addresses, hashed and salted passwords, and API keys and SSL certificates for some.

In an update regarding the breach posted Oct. 10, Imperva CTO Kunal Anand admitted the breach occurred because an internal instance was left exposed, allowing a malicious actor to steal an AWS API key which was then used to access a database snapshot with user data.

It is unclear how many customers were affected, but Anand said remediation efforts led to customers changing "more than 13,000 passwords, rotating over 13,500 SSL certificates, and regenerating over 1,400 API keys."

Hylen reportedly turned in his resignation 11 days later and the company did not have a replacement ready. Imperva chairman of the board Charles Goodman will be acting CEO while a search is conducted for a permanent replacement.

According to a statement given to tech news site CTech, which first reported Hylen's resignation, it was a mutual decision between Hylen and the Thoma Bravo board for him to step down as Imperva CEO.

Thoma Bravo completed an acquisition of Imperva in January. At the time of the acquisition, Imperva wrote in a filing to the U.S. Securities and Exchange Commission that Hylen would stay on as CEO. In that same filing, Goodman was named to the board. 

Hylen was made president and CEO of Imperva in August 2017.

Dig Deeper on Security operations and management

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing