You are here

SolarWinds Data Breach - Vendor Actions

February 22, 2021

In collaboration with Consortia Canada, BC ELN have contacted all vendors of BC ELN, eHLbc, and ConCan licenses to learn whether they and their products are impacted by the December and January security breaches at SolarWinds. Details on the breaches can be found here: https://www.solarwinds.com/securityadvisory

All current BC ELN and eHLbc vendors have been contacted, as well as some others whose products our partner libraries might subscribe to (thanks to CRKN). Responses from vendors that have been affected are recorded below. Vendors not listed on this page have responded to say they were not affected by the breach.

Affected vendors and responses:

Economist Intelligence Unit

The Economist Group (parent company of the Economist Intelligence Unit) was operating an affected version of the SolarWinds tool. As soon as we learned of the issue, we shut down the affected server as per US Government guidance, and this server has not been and will not be re-attached to our network. We carried out system checks in line with recommendations from SolarWinds and CISA and found no evidence that the affected system or any of our networks were breached, and we continue to monitor and act on the evolving guidance available.

Gale - Cengage Learning

On December 13, 2020 we were made aware that Cengage, like an estimated 18,000 other entities, was running a compromised version of SolarWind’s Orion. After learning of this from the Cybersecurity and Infrastructure Security Agency (CISA) alert, we immediately isolated our Orion environment and began using the information provided by CISA, FireEye, and our security partners to search our environment for known signs of malicious activity. In the course of this investigation, no indication of malicious activity was found. We have subsequently moved to a updated, uncompromised version of Orion and continue to monitor our environment closely.
 
This increased monitoring is part of Cengage’s ongoing efforts to safeguard the privacy and security of the information entrusted to us, as we continue to implement and refine our measures aimed to prevent security incidents.

JSTOR

We have deployed SolarWinds in the past but on the day of the announcement of the vulnerability to SolarWinds; we immediately upgraded the platform to address that vulnerability. We have not detected any anomalous network traffic, and we have a game plan to completely reconstruct the host in short order.

OCLC CANADA

SolarWinds notified OCLC on December 13 that SolarWinds’ services had been compromised by a complex software hack.

OCLC uses SolarWinds’ Orion, a network monitoring service, to monitor internal network traffic and services. OCLC immediately shut down its instance of Orion as recommended by the vendor, the FedRAMP Program Management Office, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

OCLC uses Orion to monitor internal network traffic; it is not internet facing. Shutting down the service will have no impact to OCLC customers.

OCLC has not detected any indication of compromise to our systems or services. We are committed to protecting the integrity of our customers’ data. OCLC’s Global Technology team continues to investigate using state-of-the-art tools and explore new ways to identify and block any possible path that could be used to exploit our systems.

CISA recently validated OCLC’s remediation efforts and closed a previously open ticket with them regarding the matter. More information on this issue and the steps taken by OCLC in response can be obtained at https://cyber.dhs.gov/ed/21-01/.


ProQuest

We are a SolarWinds customer and immediately quarantined our installations across PQ, EXL, and III once we were notified of the threat. We subsequently rebuilt the environments using the SolarWinds updates without incident. There is no evidence of any compromise of our or our customers' data.
 
Please let me know if you have any further questions and I’ll direct you to the appropriate contact for additional details.

Sage

SAGE Publications, Inc. takes seriously its obligations to ensure the privacy and security of customer data and to share applicable information with customers in relation thereto upon request.

SAGE is closely monitoring developments in the cyberattack that came to light in December 2020 impacting Orion, an IT inventory management software produced by SolarWinds. The vulnerability could allow an attacker to compromise the server on which the Orion product runs.

SAGE confirms that it did install an infected version of the SolarWinds software on two SAGE servers. The servers were promptly rebuilt per security recommendations once SAGE determined that the attack affected these servers. A subsequent scan by SAGE’s third-party Managed Detection and Response (MDR) vendor confirmed no suspicious activity had occurred while the infected version was operative. SAGE is not aware, to the best of its actual current knowledge, that the vulnerability was exploited or that a data breach occurred.

SAGE is committed to maintaining the administrative, physical, and technical controls necessary to secure its data. Although the Orion cyberattack appears to have targeted US government agencies and other select organizations, we will continue to monitor for any consequences from it as SolarWinds continues to work with law enforcement, intelligence, and other government agencies in their continuing investigation.

Thank you for your confidence in SAGE.

Springer

No word from our IT department on whether we were effected by the Solar Winds hack.  They’re a very communicative department, so I can safely say that we weren’t knowingly hacked. 

Not yet responded:

  • Association for Computing Machinery
  • Canadian Pharmacists Association (CPhA)
  • Harbour Publishing
  • HRAF (Yale University)
  • Johns Hopkins University Press
  • MarketLine
  • Primal Pictures
  • Productions Cazabon
  • Statista
  • University of Chicago Press