During the week of January 11, 2021, it was brought to our attention there was a security incident involving a Mimecast SSL certificate that is used to secure communications between Mimecast services and Microsoft 365 programs. It has been estimated that about 10% of Mimecast customers run using this certificate, but only a single digit number of customers experienced impacts due to this security incident. Mimecast has since resolved the certificate and has identified the small number of M365 domains and tenants potentially impacted. Their team has delivered proactive remediation steps for accounts or tenants who may have been potentially impacted.
We believe there is no active threat to Coretelligent nor our customers at large following this incident disclosure. We have identified only two customer accounts that were proactively flagged by Mimecast, but after thorough monitoring via our CoreArmor solution, we have determined no anomalies or indicators of compromise (IOCs) were detected. Our Remote Support Team has worked with Mimecast to implement necessary steps recommended by Mimecast to protect these flagged accounts and remove the compromised certificate.
The compromised certificate allowed customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and connected to Microsoft Exchange Web Services. Potentially impacted customers were immediately contacted to remediate the issue and Mimecast provided necessary steps. These customers were recommended to delete their existing certificate-based connection with their M365 tenant and re-establish a new certificate with Mimecast. These actions would not impact inbound or outbound mail flow or associated security scanning. Other customers were not instructed to take any action because there is zero chance they were impacted.
Mimecast has expressed their gratitude for supportive customers as they are working tirelessly to remediate the issue and keep their accounts safe. For a full and more in-depth statement, you may reference Mimecast’s response here.
Coretelligent is actively monitoring the incident and staying up to date as new information may emerge. One of our core values is transparency, and we always aim to keep our clients aware of major or minor security hacks as they are brought to our attention. We hope you understand Coretelligent was not negatively impacted by the Mimecast certificate hack. If you have any questions or concerns, we are happy to address them. Our security and support teams are available to help. You can reach us here.