Accellion failed to notify its customers about the zero-day vulnerability in its file transfer application (FTA) and the associated cyber-attacks, in which bad actors targeted the flaw, a recent study by KPMG reveals.
FTA, the large file transfer service, was retired at the end of April 2021, after 20 years. Earlier, Accellion had found a critical vulnerability in the service, along with many hacking attempts targeting the flaw.
According to KPMG, “We have not sighted evidence that the vendor informed the Bank that the System vulnerability was being actively exploited at other customers. This information, if provided in a timely manner is highly likely to have significantly influenced key decisions that were being made by the Bank at the time.”