BAI statement on December 2020 SolarWinds Orion security incident
BAI does not utilize and has never utilized the SolarWinds Orion platform for network management. At this time BAI has no indication it is affected by this security incident.
As soon as the recent software supply-chain attack against the SolarWinds Orion network management platform (a.k.a. “SUNBURST”) was made public, BAI immediately verified that the affected software was not present on any of its systems. Additionally, BAI has scanned its network for any of the affected software components as well as related “indicators of compromise.” To date we have found no such evidence.
One of our vendors, Microsoft, has reported being affected by the attack. Their report indicates the issue was contained by the Microsoft security team and there are no downstream effects on Microsoft customers or customer data.
BAI will continue to communicate with all its vendors to ensure they remain unaffected by this attack, and to implement additional controls to mitigate similar software supply-chain attacks in the future.
The BAI security team will continue to monitor security news and threat feeds for additional information and update this statement as necessary.