Imperva chief executive officer Chris Hylen resigned from the company last October 21, 2019. Hylen’s resignation comes two months after the massive data breach which impacted thousands of customers.
In a confirmation statement to Calcalist, a spokesperson said Chris Hylen resigned from his role in the company. The spokesperson also said, “This decision was mutually made by Mr. Hylen and the Thoma Bravo board.”
Although Hylen handed his resignation 11 days after acknowledgment of the breach, Imperva remained compromised in its position.
Following Hylen’s departure, CRN reports Charles Goodman will take over as interim CEO for the business. Meanwhile, the Israeli business will continue its search for a “new permanent CEO to lead Imperva.” Goodman’s position as the interim CEO has already been updated on the website.
Brief Background
Last August 20, 2019, the cybersecurity firm released a report detailing a security breach that affected the company. The breach left thousands of customer information stolen by attackers. This incident allowed hackers to steal email addresses, hashed and salted passwords, API keys, and SSL certificates, says Tech Target.
The company statement revealed Imperva only learned about the incident on the same day. A third-party provided reportedly reached out to inform the business about the data breach.
According to ZD Net, Imperva blames Amazon Web Services (AWS) for the security breach. Based on the company statement, the hacker allegedly gained access to the database from an API key. The unprotected internal system contained the AWS API key, leading the hacker to steal its contents.
Following the hacker’s access to the API key, attacks were made on the cloud infrastructure says ZD Net.
Upon notification, approximately 13,000 individuals changed their passwords.
Actions Taken
After updating customers on the breach, the cybersecurity firm also took the appropriate corrective actions. These include enhanced security access controls, stricter auditing of snapshot access, and rotating credentials and credential management processes. Based on its blog post, the company also increased its infrastructure scanning facilities.
To further secure customer information and company control, the cybersecurity firm urged customers to change their passwords. Imperva also advised its customers to use Single Sign-On (SSO) as well as enable two-factor authentication. API keys must also be reset and SSL certificates should be renewed.
Customers concerned over their accounts with the cybersecurity firm are asked to reach out to their email address securityincident@imperva.com.
While CRN reached out to Imperva and Hylen, both parties reportedly declined requests for a statement.
