Everbridge, an American software company focused on crisis management and public warning solutions, notified customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach.

The company provides public warning, crisis management, and risk intelligence services to over 6,500 customers worldwide, including the U.S. Army, the Hartsfield-Jackson Atlanta International Airport, and the countries of Norway and Australia, among others.

The attackers were detected on the company's network last Tuesday, May 21. They breached Everbridge's corporate systems using information collected in a previous phishing attack targeting some of its employees.

Jeff Young, Everbridge's Vice President of Corporate Communications, told BleepingComputer that no evidence indicates a ransomware attack and that the company promptly notified relevant law enforcement agencies of the incident.

"While our investigation is ongoing and in its early stages, we are aware that the unauthorized party responsible for this activity has accessed a limited number of files on our corporate network containing certain business related data, including instances of admin user and limited other users' contact information, information about the subscribed Everbridge services, and enabled access methods," the company told customers in a breach notification seen by BleepingComputer.

A source close to the investigation told BleepingComputer that customer information was exposed in the corporate data accessed by the threat actors, and those impacted are being notified.

The same source said that Everbridge is working with incident response experts from Mandiant and Stroz Friedberg to assess the attack's severity and impact.

MFA required on all accounts by June 3

Given the increasing risk of phishing attacks, Everbridge also shared information with each account administrator on how to identify and guard against such attacks and urged customers to enable multi-factor authentication (MFA). This additional layer of protection will also be force-enabled on all accounts by Monday.

"We strongly encourage all customers to enable MFA on all administrator accounts, and we will be accelerating enforcement of MFA for all customers in the coming days," the company said.

"Everbridge will enable multi-factor authentication (MFA) for all accounts by June 3, 2024. If your organization supports Single Sign-On (SSO), we strongly recommend you enable SSO for your Everbridge login as soon as possible."

Everbridge began operating in 2002 as 3N Global and went public in 2016 on the Nasdaq stock exchange following a $90 million IPO. In 2023, it reported revenues of $449 million and now has more than 1,800 employees.

The company says it provides public warning, crisis management, and risk intelligence services to over 6,500 customers worldwide, including the U.S. Army, the Hartsfield-Jackson Atlanta International Airport, and the countries of Norway and Australia, among others.

Investment giant Thoma Bravo agreed to take Everbridge private on March 1, 2024, in a $1.8 billion all-cash deal.