Accellion FTA Breached

The widely used secure file transfer service, Accellion File Transfer Appliance, was compromised by hackers this past December. Accellion posted a notice about the attack, and issued an update for the FTA service which addresses the flaws which allowed the hackers to gain access to data.


Two large law firms, Jones Day LLP and Goodwin LLP, have had data compromised by the Accellion breach. Data transferred by Jones Day to outside parties via Accellion was stolen by the Cl0p ransomware site, but the law firm's network was not actually compromised. In a report by Vice News, Cl0p claims to have take up to 5 GB of data from Jones Day.




Accellion FTA was vulnerable because it is currently near its 'End of Life' - support for Accellion will be discontinued on April 30, 2021. See the notice posted by Accellion here. Accellion has a different file transfer service, kiteworks, which has an entirely different code base - the source code is not the same as that used for Accellion FTA. See this notice.


So, if you receive a file transfer 'FTP' link that indicates it was 'Secured by Accellion', you may want to confirm that the sender has upgraded to Accellion kiteworks, or at least installed patches for FTA since January.