File Sharing Incident Report - Updated February 25th 2020
Transmit Security is a software solution used by organizations across the globe to orchestrate different identity-related processes inside their applications. To support its business customers, Transmit operates a few support systems. One of these systems is a file sharing portal offered by a third party. This portal is outside of Transmit’s regular systems and is used simply to transfer files between Transmit and its business customers. The typical type of files shared in the portal are non-confidential files that allow Transmit customers and prospects to install the Transmit software in their environment.
Transmit customers and prospects can access the file sharing portal using a username and password. The username is the email address of the user and the password is set by the user. Once logged into the portal, users can see files that Transmit shared with them and also upload files to share with Transmit.
As previously reported, Transmit recently became aware that an unauthorized third party gained access to the file sharing portal. Shortly after becoming aware of the incident, Transmit shut down the portal, and engaged its incident response team who has been working with external experts to review the incident.
Based upon our review to date, the incident did not affect Transmit’s systems but was contained to the third-party portal. The portal at issue was a standalone system and did not contain any of the following: production application information from production environments, keys, certificates, and secrets used to protect customer environments, credentials to customer environments, or source code for the Transmit software.
Rather, the vast majority of information in the portal contained data such as installation files and demonstration materials regarding the Transmit software. The affected data may also include a partial list of our business customer users who had access to the drive, a few log files generated by the Transmit software for debugging purposes, and a small number of customer support tickets that do not contain confidential information, for help with various software-related issues.
Transmit’s review is ongoing and we will update you as appropriate.