The US cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.
In a brief statement Thursday, CISA said it was responding to a “recent compromise” at Sisense, which provides business intelligence and data analytics to companies around the world.
CISA said it urges Sisense customers to “reset credentials and secrets that may be exposed to or used to access Sisense services” and report any suspicious activity related to the use of compromised credentials to the agency.
The exact nature of the cybersecurity incident is unclear.
Founded in 2004, Sisense develops business intelligence and data analytics software for large companies, including telecommunications companies, airlines and technology giants. Sisense’s technology enables companies to collect, analyze and visualize large amounts of their corporate data by directly leveraging their existing technologies and cloud systems.
Companies like Sisense rely on the use of credentials such as passwords and private keys to access a customer’s various data stores for analytics purposes.
With access to these credentials, an attacker could also potentially access a customer’s data.
CISA said it is “taking an active role in working with private industry partners to respond to this incident, particularly in the context of affected organizations in the critical infrastructure sector.”
Sisense customers include Air Canada, PagerDuty, Philips Healthcare, Skullcandy and Verizon, as well as thousands of other organizations worldwide.
News of the incident first emerged on Wednesday after cybersecurity journalist Brian Krebs published a note from Sisense’s chief information security officer, Sangram Dash, asking customers to “recover all credentials you use in your Sisense application , switch”.
Neither Dash nor a company spokesperson responded to an email from TechCrunch.
Israeli media reported in January that Sisense had laid off about half of its employees since 2022. It is unclear whether the layoffs have had an impact on the company’s security posture. Sisense has raised nearly $300 million in funding from investors including Insight Partners, Bessemer Ventures Partners and Battery Ventures.
Do you know more about the Sisense breach? To contact this reporter, contact us via Signal and WhatsApp at +1 646-755-8849 or email. You can also send files and documents via SecureDrop.