Time: Aug. 20, 2024, 11:59 a.m.

Status: Resolved

Update: This incident has been resolved.

Time: Aug. 20, 2024, 11:49 a.m.

Status: Monitoring

Update: The issue has been mitigated and we continue to monitor the situation.

Time: Aug. 20, 2024, 10:59 a.m.

Status: Monitoring

Update: A fix has been implemented, and latency is declining. We continue to monitor the situation as delays are still possible.

Time: Aug. 20, 2024, 10:25 a.m.

Status: Identified

Update: The issue has been identified and a fix is being implemented.

Time: Aug. 20, 2024, 9:14 a.m.

Status: Investigating

Update: We are currently encountering delays in sharing incidents from BigPanda to outbound integrations. We are currently investigating the issue.

Time: Aug. 7, 2024, 3:17 p.m.

Status: Resolved

Update: This incident has been resolved.

Time: Aug. 7, 2024, 3:07 p.m.

Status: Monitoring

Update: The latency is now resolved and our OIM service is fully operational. We are continuing to monitor.

Time: Aug. 7, 2024, 2:41 p.m.

Status: Monitoring

Update: A fix has been implemented and we are monitoring the results.

Time: Aug. 7, 2024, 2:23 p.m.

Status: Investigating

Update: The queue is now starting to clear and latencies dropping

Time: Aug. 7, 2024, 1:59 p.m.

Status: Investigating

Update: We are continuing to investigate. We have determined that this is not a complete outage in OIM as many events are still being processed. Only some events are being held in a queue.

Time: Aug. 7, 2024, 1:48 p.m.

Status: Investigating

Update: Some OIM events are queued and not making it to the BigPanda console. The team are engaged and we are currently investigating this issue.

Time: May 15, 2024, 1:48 p.m.

Status: Resolved

Update: This incident has been resolved.

Time: May 15, 2024, 1:32 p.m.

Status: Monitoring

Update: A fix has been implemented and we are monitoring the results.

Time: May 15, 2024, 1:25 p.m.

Status: Investigating

Update: Some users may be experiencing issues with user login. Our teams are engaged and investigating. <b>What's impacted?</b> User Login We are working to mitigate impacts to our customers as quickly as possible. Additional updates will be shared every 30 minutes or less as more details become available. We apologize for any inconvenience that this may be causing.

Time: May 31, 2024, 6:39 p.m.

Status: Resolved

Update: BigPanda Security Team has completed their investigation and the risk is contained, and we are considering this incident as resolved. As planned on May 28th 2024, we successfully reconnected Unified Analytics for the majority of our customers, and we continue to work with customers that have specific requirements. We are committed to full transparency with our clients and encourage you to contact us ([email protected]) if you have any questions or concerns.

Time: May 20, 2024, 9:18 p.m.

Status: Monitoring

Update: BigPanda was impacted by a security incident within a technology partner on Apr 11, 2024. We have completed an investigation and the risk is contained. With our commitment to transparency, we want to provide guidance and clarity about our plans moving forward. Background The breach started within a 3rd party vendor (Sisense) that BigPanda utilizes for the Unified Analytics dashboards. Full details can be found at https://status.bigpanda.io/ Both BigPanda and Sisense independently engaged external security specialists to conduct a forensic investigation of the incident. BigPanda is now confident that the risk is over. BigPanda will share an independent forensics statement with customers and provide an attestation that BigPanda’s platform is secure. We have also validated, with Sisense, that all necessary security measures were taken on their side. We can provide an attestation letter from Sisense as well. If you have any questions or concerns, we are available ([email protected]). Looking Forward With the incident behind us, we want to get our Unified Analytics service fully restored for customers ASAP. Here is our plan: Reactivation BigPanda will reconnect to the Sisense SaaS platform and re-enable Unified Analytics on May 28, 2024. This will be the default action for all customers. Early Access If you would like earlier access to Unified Analytics, BigPanda can reconnect individual accounts starting on May 23rd. To discuss this possibility, please contact [email protected] Opt-out If you do not wish to reconnect your organization's data to the Sisense SaaS platform, BigPanda will support that decision. To opt-out, please contact [email protected]. We will set up a call to discuss your concerns, build a unique timeline and discuss potential alternatives for your organization. Summary BigPanda takes operational security very seriously. The lessons from this incident will guide us to further harden both our technology and internal processes. We are committed to full transparency with our clients and encourage you to contact us ([email protected]) if you have any questions or concerns.

Time: April 18, 2024, 5:20 a.m.

Status: Monitoring

Update: We are continuing to monitor for any further issues.

Time: April 18, 2024, 5:19 a.m.

Status: Monitoring

Update: Following our latest notice on Saturday April 13th, 2024, we are writing to provide our Customers with an update on the latest available information regarding the Sisense Data Breach. On Tuesday April 16, 2024, BigPanda was informed by Sisense that the Breach involved Sisense data cubes. With this new information, we are finalizing a process to export the data that was compromised in the Sisense cubes and provide it to our Customers. We expect this process to be complete by the end of the week, at which time we will be able to schedule individual times upon request. Our investigation is still ongoing. For any additional requests or to arrange further discussion, please contact the BigPanda Trust & Security team by email at [email protected].

Time: April 13, 2024, 8:15 p.m.

Status: Monitoring

Update: BigPanda became aware of a Data Breach through its subprocessor Sisense on Thursday April 11th, 2024. We informed Customers that same day of the Breach via the BigPanda Status Page (status.bigpanda.io). We are writing now to notify our Customers and provide an update on the latest available information. Incident Summary A Threat Actor compromised the Sisense platform and gained access to BigPanda Customer Data through Snowflake. To our knowledge, the situation has been contained. Our investigation indicates that at no time did the Threat Actor gain access to BigPanda’s Core Platform. BigPanda’s Use of Sisense and Snowflake The BigPanda Core Platform stores metrics data in Snowflake, which is then loaded into Sisense to deliver metrics reporting via Unified Analytics. Incident and Data Scope Sisense has confirmed the Breach but has yet to provide detailed information about the incident. After BigPanda’s internal investigation, it was confirmed that the Threat Actor accessed BigPanda Customer Data stored in Snowflake via Sisense. It was determined that a read-only service account credential for Snowflake was compromised due to the Breach, thus enabling the threat actor to make SQL queries on the Snowflake database. The BigPanda Customer Data accessed included usernames (which contain BigPanda customer email addresses) and alert and incident tag information. This data in Snowflake enables customers to identify trends within their environments, examples are included below: Username (email address), app_id, source_host, priority, start_time, end_time, date, etc Incident Containment & Remediation Upon becoming aware of the incident, the BigPanda Security Incident Response Team immediately launched an investigation, which included execution of the following steps: - Requesting information and contacting Sisense; - Reviewing all internal systems audit logs for abnormal activity; - Performing programmatic updates to rotate user access keys and BigPanda’s SSO token via prepared scripts; - Rotating service account keys for systems that feed data to Sisense cubes. - Stopping any new Customer Data from being sent to Sisense. We will re-evaluate this decision in the days to come based on information that will be provided to us from Sisense. A more detailed list of the actions taken by the BigPanda Security Incident Response team to ensure the containment of the Breach are as follows: - Changed all Sisense-related passwords on my.sisense.com - For non-Single Sign-On (SSO) access: -- Replaced the Secret in the Base Configuration Security section with your GUID/UUID. -- Reset passwords for all users in the Sisense application. -- Logged out all users by running GET /api/v1/authentication/logout_all under Admin user. - For SSO access: -- Updated sso.shared_secret in Sisense and updated the newly generated value in the SSO handler. -- Rotated the x.509 certificate in our SSO SAML identity provider. -- Rotated the OpenID client secret. -- Updated SSO settings in Sisense with the revised values. -- Logged out all users by running GET /api/v1/authentication/logout_all under Admin user. -- Reset credentials in the database used by the Sisense application. Ongoing Investigation and Mitigation BigPanda is continuing to investigate the issue and will conduct a full external forensic investigation of its Data Platform. We will continue to provide updates as they become available. For any additional requests or to arrange further discussion, please contact the BigPanda Trust & Security team by email at [email protected].

Time: April 12, 2024, 7:08 a.m.

Status: Monitoring

Update: We want to inform you that we have identified and stopped some suspicious activities from an unidentified threat actor. Pursuing our audit of this security incident, we were able to identify there was read-only access to some user data. This incident follows a security incident experienced by one of our partners, Sisense. We wanted to let you know that BigPanda takes this matter extremely seriously. We have started a detailed investigation immediately to understand the full extent of what is happening. Our internal investigation determined the data compromise did not include operational data and was limited to analytical data used for our Unified Analytics offering. As an immediate remediation, we updated all the user access keys and credentials for all our systems. This has terminated access for the threat actor and prevents further intrusion from the recent exploit. We monitored and confirmed there has been no threat actor activity after the user access keys were changed. The threat actor was able to query a list of usernames, which are email addresses. There is no indication that customer API Keys were compromised since all API Keys are stored in a separate secured environment, which was not compromised as part of this event. All user access credentials were rotated as of April 11th, 1:45 PM Pacific, and we have completed Sisense recommended procedures. For any additional requests or to arrange further discussion, please contact BigPanda Security team by email [email protected].

Time: April 10, 2024, 3:24 p.m.

Status: Resolved

Update: This incident has been resolved.

Time: April 10, 2024, 3:01 p.m.

Status: Monitoring

Update: A fix has been implemented and we are monitoring the results.