A cybercriminal stole proprietary client reports from Forrester Research after stealing valid user credentials for the firm's site.
The scope of the attack was limited to the reports, according to an Oct. 6 company blog post; however, the information they contained could give the attacker knowledge of what Forrester clients are working on and what products are about to launch.
The firm said preliminary forensic evidence suggests the attacker was eventually detected and shut out of the system and that law enforcement has been notified of the compromise.
The firm said it has strengthened its internal security processes and systems to prevent future incidents.
"We recognize that hackers will attack attractive targets—in this case, our research IP. We also understand there is a tradeoff between making it easy for our clients to access our research and security measures," George F. Colony, Chairman and Chief Executive Officer of Forrester, said in a press release. "We feel that we have taken a common-sense approach to those two priorities; however, we will continuously look at that balance to respond to changing cybersecurity risk."
The Forrester breach is another reminder that all data, particularly sensitive data, needs to be protected by companies of all sizes, and that data has become today's currency, AlienVault Security Advocate Javvad Malik told SC Media. He added that it is essential to have robust threat detection capabilities in place that can monitor and alert where unauthorized access is being attempted, so that appropriate action can be taken.
“Unfortunately, Forrester's reputation for maintaining the security of market sensitive data could take a hit, depending on the severity of the attack,” Malik said.