As you may have seen in the news, software vendor Kaseya has announced that between 800 and 1,500 businesses have been compromised by a ransomware attack connected to their business. Kaseya said in a statement that approximately 50 of its direct customers were breached in the attack but hundreds more were affected because many of Kaseya’s customers provide IT services to other businesses. REvil, the attacker, has demanded a $70 million payment in Bitcoin for a decryptor tool to restore the businesses’ data.
If you’re a SparkPost customer, you might be wondering if we were affected. Fortunately, we were not.
The vast majority of companies rely on vendors as part of their core business. Vendors are an extension of any business, and if not properly vetted, those vendor’s risks, weaknesses, security practices, vulnerabilities and lack of maturity become their customer’s liability by doing business with them.
SparkPost will continue to rely on vendors within our products and back office to provide the best possible customer experience and to run our business. There are proven, standard ways to reduce vendor-associated risks. Vendor Management and Vendor Security reviews are a key way to protect SparkPost from unexpected adverse events. The hardest thing to fix post-breach or incident is our reputation. As a vendor to enterprise customers, we are obligated to demonstrate and practice the security, compliance and business risk maturity that we expect of our vendors to our customers.
As always, if you have any questions or concerns, please submit a support ticket or reach out to your assigned Technical Account Manager or Customer Success Manager.