Skip to content
Cybersecurity

Notice: Security Advisory

This blog post is part of our ongoing commitment to protect customer data and share threat intelligence with the cybersecurity community.


Facts

On February 20, 2025, Microsoft notified us about unauthorized activity within our Azure environment by a suspected nation-state threat actor. We immediately activated our incident response plan with the assistance of leading cybersecurity experts and law enforcement.

Our investigation validated that unauthorized access affected a handful of customers and we promptly contacted them to provide assistance. Our investigation also confirmed there was no unauthorized access to any data that Commvault protects for any customer, and no impact on Commvault’s business operations or ability to deliver our products and services.

Action Taken

Our forensic investigation discovered that the threat actor exploited a zero-day vulnerability, which has been patched and we encourage our software customers to do the same. We also rotated affected credentials, continue to further harden our defenses and work with law enforcement.

Working Together

No company is immune to an attack. We believe that sharing information and working together makes us all more resilient. We thank Microsoft for their notification to us, our cybersecurity experts for their trusted partnership, and our customers for their responsiveness and resilience.

For further inquiries, customers may contact Commvault’s support team via our portal at https://support.commvault.com.

More related posts


Thumbnail_Blog-Threathwise-2025-Linkedin

Protecting Against the Threats of Tomorrow: How to Implement Early Warning Signals

Read more about Protecting Against the Threats of Tomorrow: How to Implement Early Warning Signals
Thumbnail_Blog_Clumio-Apache-Iceberg-on-AWS

Closing the Gap in Data Lakehouse Protection: Clumio for Apache Iceberg on AWS

Read more about Closing the Gap in Data Lakehouse Protection: Clumio for Apache Iceberg on AWS
Thumbnail_Blog_Multi-Layered-Approach-2025[98]

A Multi-Layered Approach to Cyber Resilience

Read more about A Multi-Layered Approach to Cyber Resilience