PaloAlto Networks Discloses Confidential Security Information to Third Parties w/o customer consent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PaloAlto Networks Discloses Confidential Security Information to Third Parties w/o customer consent

L2 Linker

I just was emailed a Palo Alto Networks security report listing information on all of the wildfire submissions from our organization.   This email came from a vendor that we had never purchased Palo Alto products from and contained detailed information about our environment.

 

I was shocked and disturbed by this disclosure.  Support refered me to the Privacy Policy

 

https://www.paloaltonetworks.com/legal-notices/privacy

 

This privacy policy sure as heck does not seem to cover this case.   Has anyone else had this happen?    

 

Thanks,

John Wade

 

 

4 REPLIES 4

L7 Applicator

I can't comment on your specific situation without the details but I am guessing the communications you received falls under this section of the privacy policy.

 

Business Partners.

We may share Your Information with our business partners and channel partners so that they can provide you with information on our products or services, or follow up on a sales lead. If you do not wish to receive promotional emails from our partners, you can unsubscribe directly in the footer of the partner’s email to you.

 

Assuming the people contacting you were from a PAN partner/reseller and using the information about your usage as an opportunity to upsell other PAN products and services.

 

Many businesses will use transactional and other information to generate sales leads in this way for either interal sales teams and partners.  And in this time of Big Data with machine learning you can expect this to increase.  Some companies have a method to opt out of such activities.  You could explore that with your account manager or sales engineer.

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Cyber Elite
Cyber Elite

@JohnWade,

 

I'm going to disagree with @pulukas on this being a partner staying within their lane. The partner can pull what devices you have and likely form a basic understanding of your network from that information. If your SE if leaving detailed account notes they may also know that you have a 7000 series as your primary firewall, 3200s seperating building, and 220s segmenting departments. There can be a lot of design information in your customer profile. 

What they shouldn't have been able to do is pull any WildFire submissions using what they have access to as a partner. This is the section that concerns me and one that you should investigate with your SE and account manager. A partner should neve recieve access to your WildFire enviroment if you have no working relationship with them. 

As I said, I can't comment on the specifics of the situation because I don't have the details and am not a PAN or partner employee so also don't know the procedures.

 

But I would start by assuming everyone is above board and asking the what/where/why of the account team as I mentioned.  In other words give people the benefit of the doubt as you gather more information to make a fully informed judgement.

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Well, I am following up with Legal and our sales team.   It sure doesn't seem right to me.

  • 2951 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!