Commvault, a number one supplier of information safety options, says a nation-state menace actor who breached its Azure setting did not acquire entry to buyer backup information.
Listed on NASDAQ since March 2006, Commvault is included within the S&P MidCap 400 Index and offers cyber resilience companies to overĀ 100,000 organizations.
As the corporate first revealed on March 7, 2025, Commvault found the incident after being notified by Microsoft on February 20 of suspicious exercise inside its Azure setting. A follow-up investigation into the breach discovered that the incident solely affected a small variety of Commvault prospects and had not impacted the corporate’s operations.
“Importantly, there was no unauthorized entry to buyer backup information that Commvault shops and protects, and no materials affect on our enterprise operations or our means to ship services,” Danielle Sheer, the corporate’sĀ Chief Belief Officer,Ā stated in a Wednesday replace.
“We’re working intently with two main cybersecurity corporations and are coordinating with the suitable authorities, together with the FBI, Cybersecurity and Infrastructure Safety Company (CISA), and others.”
In a help doc containing indicators of compromise, Commvault advises prospects to use a Conditional Entry coverage to all Microsoft 365, Dynamics 365, and Azure AD single-tenant App registrations to guard their information towards comparable assault makes an attempt.
It additionally beneficial to frequently monitor sign-in exercise to detect entry makes an attempt originating from IP addresses outdoors of allowed ranges and to rotate and sync consumer secrets and techniques between Commvault and the Azure portal each 90 days.
“This will help shortly establish potential safety breaches or account compromises. If any unauthorized entry is detected, instantly report the incident to Commvault Assist for additional investigation and remediation,” the corporate says.
The corporate additionally famous within the unique disclosure that the menace actors exploited a now-patched zero-day vulnerability (CVE-2025-3928) in its Commvault Internet Server software program that distant authenticated attackers with low privileges can exploit remotely to plant webshells heading in the right direction servers.
CISA has additionally added the CVE-2025-3928 vulnerability to its Recognized Exploited Vulnerabilities Catalog on Monday, requiring federal businesses to safe their Commvault software program by Could 19, 2025, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.
“All these vulnerabilities are frequent assault vectors for malicious cyber actors and pose important dangers to the federal enterprise,” CISA warned.
