MARKHAM, ONTARIO, December 29, 2020 – Sangoma Technologies Corporation (TSXV: STC), a trusted leader in delivering cloud-based Communications as a Service (“CaaS”) solutions, today provided an update regarding its investigation into the data breach announced on December 24, 2020.
To date, the Company’s investigation has confirmed that the attackers encrypted, copied, and published a significant number of confidential files relating to the Company’s financial information, its corporate development and M&A efforts, certain private employee data, as well as certain customer information and ordering history. While Sangoma’s investigation is still ongoing, there is currently no evidence that the compromised customer information includes bank account or payment card data.
The Company believes strongly that customers’ ability to use Sangoma products and services continues without interruption or issue. To date, the investigation has also uncovered no evidence that any of the Company’s products or services have been impacted by this cyber attack, nor is there any evidence that the code inside Sangoma’s products has been compromised or that the use of the products would create a security risk to a customer’s business. Nevertheless, as announced previously, and out of an abundance of caution, the Company continues to recommend that customers change their Sangoma passwords and that they continue to practice good security hygiene, including limiting remote access to only that which is necessary and monitoring for unauthorized access attempts.
Sangoma has taken immediate action to mitigate and manage the impact of this attack. The Company has retained a deeply experienced team of top third-party cybersecurity experts, is filing a report with law enforcement officials, and has also deployed additional security measures to assist in detecting and preventing any future attempts or incidents of unauthorized access to or malicious activity on its corporate network. The Company has also promptly notified all its employees of the incident and the possible impact on the security of their personal data, has provided them with actions they can take to protect that personal information from theft and misuse, and is putting in place 24 months of credit and dark web monitoring at the Company’s expense.
In addition, as the investigation progresses, the Company will be proactively and directly contacting any specific customers, and other third parties, whose data has been compromised in order to provide further information and appropriate support.
“On behalf of the entire management team and board at Sangoma, I sincerely apologize to our customers, employees, partners and all other stakeholders for the stress and inconvenience caused by this cyber attack. This has admittedly been a challenging time for our Company. We’ve built a strong and trusted reputation with the investor community and while this incident is certainly embarrassing, I’m committed to maintaining full transparency in our reporting of it, and I fully expect to emerge from it stronger than ever,” said Bill Wignall, President and CEO of Sangoma. “We have been working around the clock throughout every day of this holiday period and will continue to do exactly that. At the same time, I want to be completely clear that this incident has had no impact on our corporate strategy or execution. We continue to maintain normal operations, and we remain as focused as ever on building our CaaS cloud-based solutions, winning new subscribers, supporting our valued customers, delivering sustainable growth for our shareholders, generating profitability and cash flow, and executing on the exciting opportunities that exist in our acquisition pipeline.”
Sangoma is committed to providing its stakeholders and the public with further updates of factual and accurate information as it becomes available and appropriate to share in light of the active, ongoing investigations.