Wind River Systems’ embedded device software vendor has begun advising workers of a privacy breach that culminated in a third party stealing their personal information.
TPG Capital’s wholly owned subsidiary, headquartered in Alameda, California, produces runtime applications, middleware, industry-specific software, development platforms, and simulation technologies. The Wind River Linux operating system and the VxWorks real-time operating system compose its software line.
A copy of the data breach report filed by the organisation with the Attorney General of California shows that the recently discovered security event took place on or near September 29, 2020.
“The letter sent to staff reads: “Our external consultants recently found that some of your personal information may have been accessible inside one or more files that were accessed from our network on or around September 29, 2020.
The organisation also notes that it has no evidence that the data stored in such files could have been misused and that these files have not been found to be shared publicly.
Wind River notes that the type of sensitive information stolen will vary and will include the details contained in the staff records of the organisation.
Therefore, leaked employee data may include birth dates, driver’s licence numbers, national identity numbers, social security numbers, social insurance numbers, passport or visa numbers, health records, and/or financial account descriptions.
Wind River could not offer details about the number of workers impacted or how the infrastructure could be breached by the attackers.
For more information on the security incident, SecurityWeek has reached out to Wind River and will update this report as soon as a response arrives.