A data exposure issue was discovered by a third party security research group where access to a small section of Pulse Secure customer data store on a recognized cloud service provider during the period of 11 AM to 2 PM on March 16, 2017. During this three-hour period, Pulse Secure has no evidence that any other parties accessed this data.
Pulse Secure has notified all customers of the exposure in a separate communication.
This is an official joint disclosure with the third party vendor, Appthority.
What information was involved?
The accessible information consisted of the following data:
- Full Employee Name
- Email addresses
- Phone numbers
- PIN reset tokens
- Passcode lengths
- Account dates
- Last seen dates
- Device Information (IMEIs , OS Version and carrier info)
- Applied Security Policy Information: Enterprise VPN Certificate Data for the user’s employer