Tealium Statement on MOVEit security vulnerability 08 June 2023

katijacobson
Community Manager

Is Tealium at risk? 

No. Tealium does not use MOVEit software.

Incident Overview 

On the evening of 07 June 2023 Pacific Time, Tealium became aware of the MOVEit ransomware attack. Tealium’s security operations team assessed our environment by scanning and by querying our configuration management database, and verified that we DO NOT use MOVEit software within our environment.

What do Customers need to do? 

Nothing in relation to Tealium’s Services. Continue to use Tealium’s Services as normal. 

Will Tealium notify Customers? 

In the event we identify any new connections with MOVEit in our environment in the future, we will invoke our Incident Response processes outlined in our Incident Response Policy and notify affected Customers (if any) in accordance with our Notification Policy.

Compliance, Governance and Audits 

Tealium agrees to comply with all applicable legal and regulatory requirements. See Tealium’s terms at tealium.com/terms

CPP: 1. Data Processing. 

2.2 Compliance with Laws. Each party will comply with all Data Protection Laws and Regulations applicable to it and binding on it in the provision or receipt of Services under the MSA, including all statutory requirements relating to data protection. 

Tealium has an Information Security and Privacy Management System (“ISPMS”) that defines the implementation of our ISPMS program. The ISPMS program has executive oversight by the ISPMS Governance Council that meets quarterly. 

Tealium’s InfoSec requirements are defined in our ISPMS Policies. See our Employee InfoSec pages in Tealium Community for more details and links to our policies: https://community.tealiumiq.com/t5/Information-Security/Security-and-Compliance-Overview/ta-p/26051 

Tealium certifies annually to the following frameworks: 

  • SOC2 Type 2 
  • ISO/IEC 27001:2013 
  • ISO/IEC 27018:2019 - Security in the Cloud enhancements to 27001 
  • ISO/IEC 27701:2019 - Privacy enhancements to 27001 
  • Health Insurance Portability and Accountability Act (“HIPAA”)
  • TISAX Level 1 

Training 

Tealium’s employees must complete annual Information Security Awareness training to ensure everyone at Tealium understands their role and responsibility in the security of Tealium and our Services.

Tealium’s Operations staff undergo extended training on security and HIPAA requirements to ensure 

Tealium’s Developers are trained in secure coding practices and compliance with at least the OWASP Top 10 and SANS Top 25 Most Dangerous Programming Errors.
