Cloud Security, Breach

Commvault customer backups spared from Azure breach

Microsoft Azure company logo on a website with blurry stock market developments in the background, seen on a computer screen through a magnifying glass.

BleepingComputer reports that major data protection solutions provider Commvault did not have its customer backup data compromised following a state-sponsored cyberattack against its Azure environment initially disclosed in early March.

Only a few customers have been impacted by the incident, which has not disrupted the firm's operations, said Commvault Chief Trust Officer Danielle Sheer, who also noted an ongoing investigation alongside a pair of cybersecurity firms, the FBI, and the Cybersecurity and Infrastructure Security Agency.

Such an intrusion which involved the exploitation of the Commvault Web Server zero-day, tracked as CVE-2025-3928 also prompted Commvault to issue a separate document urging the immediate Conditional Access policy implementation across Microsoft 365, Dynamics 365, and Azure AD single-tenant App registrations.

"If any unauthorized access is detected, immediately report the incident to Commvault Support for further investigation and remediation," noted Commvault.

Ongoing intrusions involving the flaw has also resulted in its inclusion in the CISA's Known Exploited Vulnerabilities catalog earlier this week.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds