Trellix confirms data breach after source code theft

Cybersecurity firm Trellix has confirmed a data breach after unauthorized actors gained access to a portion of its source code repository. The company, formed in October 2021 through the merger of McAfee Enterprise and FireEye, serves more than 50,000 business and government clients worldwide and protects over 200 million endpoints.

In an official statement updated Monday, Trellix said it is actively investigating the incident with the help of outside forensic experts. So far, the company has found no evidence that the attackers have exploited or altered the source code they accessed.

“Trellix recently identified unauthorized access to a portion of our source code repository. Upon learning of this matter, we immediately began working with leading forensic experts to resolve it,” the company said. “We have also notified law enforcement. Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited.”

A Trellix spokesperson shared the same statement when BleepingComputer sought additional details, including when the breach was detected, whether corporate or customer data was stolen, or if a ransom demand had been made. Although Trellix has not yet responded to a follow-up email, the company stated it intends “to share further details as appropriate” once the investigation concludes.

Trellix is not the first cybersecurity company to face a breach this year. In recent weeks, Checkmarx confirmed that the LAPSUS$ hacking group leaked data from its private GitHub repository. Cisco also disclosed that attackers breached its internal development environment and stole source code using credentials compromised in the Trivy supply chain attack. Additionally, HackerOne notified hundreds of employees in March that their personal information was stolen after attackers hacked Navia, one of its U. S. benefits administrators.