Trellix Confirms Source Code Breach With Unauthorized Repository Access

Source: The Hacker News

Breach Announcement

Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a “portion” of its source code. The company said it “recently identified” the compromise of its source code repository and began working with “leading forensic experts” to resolve the matter immediately. Law enforcement has also been notified.

Investigation Findings

Trellix did not disclose the exact nature of the data that may have been accessed. However, it pointed out that there are no indications that its source code has been affected or exploited.

“Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited,” the company added.

The company did not share details about who may be behind the incident or how long the attackers had access. Trellix noted that additional information will be shared as appropriate once the investigation is complete.

Company Background

Owned by Symphony Technology Group, Trellix was founded in January 2022 following the merger of McAfee Enterprise and FireEye. Around the same time, Mandiant—formerly owned by FireEye—was acquired by Google in a deal worth $5.4 billion.

The Hacker News has reached out to Trellix for comment and will update the story if more information becomes available.

(This is a developing story. Please check back for more details.)