SA40662 - Pulse Workspace data exposure

A data exposure issue was discovered by a third party security research group where access to a small section of Pulse Secure customer data store on a recognized cloud service provider during the period of 11 AM to 2 PM on March 16, 2017.  During this three-hour period, Pulse Secure has no evidence that any other parties accessed this data.  

Pulse Secure has notified all customers of the exposure in a separate communication.  

This is an official joint disclosure with the third party vendor, Appthority.

What information was involved?

The accessible information consisted of the following data:

• Full Employee Name
• Email addresses
• Phone numbers
• PIN reset tokens
• Passcode lengths
• Account dates
• Last seen dates
• Device Information (IMEIs , OS Version and carrier info)
• Applied Security Policy Information: Enterprise VPN Certificate Data for the user’s employer

Pulse Secure takes data security very seriously.  Pulse Secure worked closely with the third party vendor to ensure the data is no longer exposed and have taken additional measures to prevent this issue from occurring in the future.

Recommendations:

While no passwords were exposed, Pulse Secure would recommend that those individuals who had their email address exposed reset their passwords to ensure a strong password is associated with the affected email address.