Software company OSIsoft warned employees, interns, consultants and contractors that all domain accounts have likely been compromised as a result of a data breach.
OSIsoft provides real-time data management solutions and it’s best known for its PI System product. The company has over 1,000 employees and its product has more than 20,000 deployments across 127 countries.
In the breach notification submitted last week to the Office of the Attorney General in California, OSIsoft revealed that hackers used stolen credentials to remotely access some of its systems. While the company has found evidence of malicious activity on 29 devices and 135 accounts, it believes all OSI domain accounts are impacted.
OSIsoft says the investigation into the incident continues. When companies submit breach notifications to the Office of the Attorney General, they are asked to specify when the breach took place – if the information is known. Interestingly, OSIsoft listed eight different dates between March 23, 2017, and July 26, 2018, which suggests that the attackers may have had access to its systems for well over a year.