US Cyber Agency Warns of Compromise at Sisense Data Firm

The US lead agency for federal cybersecurity is warning that Sisense Inc., a data analytics company, has suffered a compromise that could expose customer credentials and cryptographic secrets.

Sisense provides AI-driven analytics to thousands of customers, according to the company’s LinkedIn page. Sisense, which started in Israel in 2004, is now headquartered in New York and also has offices in London.

The Cybersecurity and Infrastructure Security Agency said it is “taking an active role” collaborating with private industry partners to respond to the incident. It said independent security researchers discovered “a recent compromise.” The exact nature of the incident wasn’t immediately clear.

The compromise was earlier reported by the security journalist Brian Krebs.

Cybersecurity experts have warned that exposed credentials could put company data at risk. Dave Kennedy, founder of cybersecurity companies Binary Defense and TrustedSec, said in a post on X that the compromise was in the early stages and the extent of the impact was still unknown.

CISA, a unit of the Department of Homeland Security, is warning companies to reset their credentials and cryptographic secrets that are used to access Sisense services or may have been exposed. It also urged companies to report any suspicious activity involving those credentials.

A company spokesperson declined a request for comment.

Top photo: A person types at a backlit keyboard arranged in Danbury, U.K., on Thursday, Jan. 7, 2021. In the spring, hackers managed to insert malicious code into a software product from an IT provider called SolarWinds Corp., whose client list includes 300,000 institutions.