No customer confidential information and/or chats were exposed
October 6th, 2022, Vancouver, B.C – On September 29th, 2022, a security incident related to the Comm100 Agent Console desktop application was identified and mitigated by Comm100 security engineers. Although Comm100 has determined that no customer confidential information and/or chats were exposed during the incident, technical details about impacted computers may have been exposed, including:
Comm100 has determined the exposure window to have been limited to Windows computers running the Comm100 Agent Console Windows desktop application version v.10.0.8, between 11pm on September 27th, 2022 and 8am September 29th, 2022 PST. Windows users using v.10.0.8 of the Agent Console during the exposure window were exposed to a trojanized version of the application that exposed the above system information and may have installed additional malicious files. Information about the trojan and how to remove it can be found here.
The following were not impacted:
Full mitigation of the incident (including threat quarantining and removal, security hardening of build and processing environments, and publishing a patch Agent Console Windows software v.10.0.9 which fixes the issue) was completed by Comm100 engineers on 8am September 29th, 2022 PST.
The root cause of the incident was determined to be a compromised Windows packaging server; conditions which led to compromise have been identified and remediated as part of Comm100’s security incident response process.
Organizations and users recognized by Comm100 as affected by the incident (~2% of Comm100’s install base) were promptly notified and provided with information necessary to identify and eliminate the risk.
The PCI and HIPAA compliance status of the processing environment has not been affected by the incident, and all material data processing remains in compliance with applicable laws, regulations, and standards.
Comm100 regrets any inconvenience resulting from this incident. Resilient and relentless, the Comm100 team has used this as an opportunity to learn and optimize and continues its ongoing commitment to data security, trust, and safety. For any questions relating to this matter, do not hesitate to email us at email@example.com.
Comm100 is a global provider of digital omnichannel customer engagement software for education, government and commercial organizations of all sizes. With Comm100, organizations can provide excellent digital customer experiences through configurable, value-driven live chat, secure messaging, AI powered bots and automation within one integrated console. Comm100 is powered by zero downtime, the highest standards in security, and AI automation, ensuring customers get answers anytime, anywhere. To learn more about Comm100, visit: www.comm100.com
Content Manager, Comm100