CISA discloses Sisense breach, customer data compromised

CISA disclosed a breach at Sisense and urged users to reset their credentials, but the data analytics vendor has not yet publicly addressed the incident.

In an alert on Thursday, CISA revealed it's working with private partners to investigate a Sisense breach that affected customer data. CISA credited unnamed independent researchers for discovering the compromise, which might have affected customers' credentials and secrets used to log in to Sisense services.

In addition to resetting credentials, CISA also urged enterprises to investigate and report any suspicious activity related to Sisense services access. It remains unclear how many individuals were affected by the breach or why CISA was the first to disclose the incident.

"CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations," CISA wrote in the alert.

A variety of industries including healthcare, technology, manufacturing and finance use Sisense's AI and machine learning-driven analytics tool to collect and analyze data. Sisense customers include Nasdaq and Air Canada, according to the vendor's website.

Cybersecurity reporter Brian Krebs first reported a possible incident at the company on Wednesday in a Mastadon post, which included an internal message that Sisense CISO Sangram Dash reportedly sent to customers. Dash confirmed Sisense is aware of the breach reports and that an investigation is ongoing. Like CISA, Dash also instructed customers to reset their credentials.

Krebs also addressed supply chain concerns and the potential attack scope, saying the breach could affect millions of credentials.

Software supply chain risks have been on the rise recently. Over the past two months, Checkmarx discovered two different attack campaigns where a threat actor tricked developers into downloading malicious code from GitHub repositories. In addition, a backdoor was discovered in XZ, a widely used compression library, that had been placed in several Linux distributions.

The SolarWinds breach, which was reported in 2020, highlights how dire supply chain attacks can be for U.S. government agencies. Attackers hid malware in updates for SolarWinds' Orion IT management software, which attackers used to gain access to customers, including government agencies.

While Sisense has not confirmed or addressed the breach, infosec professionals expressed concern on social media. David Kennedy, founder of managed detection and response provider Binary Defense, highlighted the Sisense breach on X, formerly Twitter. He recommended that customers look for any unusual activity from April 5 to now and urged them to reset API keys used for Sisense services.

Cybersecurity professional Marc Rogers, co-founder and CTO for AI startup nbhd.ai, urged Sisense users to not "underestimate the risk" of this breach. He also gave a glimpse into the potential attack timeline and scope that may extend globally.

"If you are, or ever were a Sisense customers, treat this extremely seriously. Members of the cyber community and agencies all over the world have worked this over the last few days," Rogers wrote on X.

TechTarget Editorial contacted Sisense for breach confirmation but the company had not responded at press time. CISA declined to comment further.

Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.