The Ministry of National Security has issued a warning for Bermudians using Fortinet devices after a global hack targeting the brand.

“FortiBleed”, a global credential-harvesting campaign, is believed to have impacted between 74,000 and 86,000 devices around the world.

Fortinet FortiGate firewalls and secure socket layer virtual private networks, or SSL VPNs, are understood to have been targeted in the attack.

Jaché Adams, the Acting Minister of National Security, said: “The security of Bermuda’s digital infrastructure is a matter of national importance.

“This campaign is not a theoretical risk — it is an active threat that has already compromised tens of thousands of devices globally.

“I urge every organisation in Bermuda operating Fortinet equipment to treat this as a priority and act on the guidance provided today without delay.”

Use of Fortinet has been documented in several Bermudian organisations, including digital services provider CSS Group and the Government.

It is understood that attackers exploited previously compromised credentials and reused passwords while also using brute-force hacking tactics.

Once inside a device, attackers can intercept network traffic, create backdoor accounts, modify configurations and move into connected systems.

Fortinet confirmed that the hack did not start from software vulnerability but from weak passwords, missing multi-factor authentication and password storage methods that stayed on devices after firmware updates.

The US Cybersecurity and Infrastructure Security Agency and Fortinet’s product security incident response team issued formal guidance urging immediate action.

Fortinet is contacting those with known compromised accounts, but advised the public to not assume their accounts are safe.

Any organisation or individual in Bermuda operating a Fortinet FortiGate firewall or SSL VPN gateway — whether in the public sector, private sector, financial services, telecommunications, healthcare or any other sector — was urged to treat the alert as directly relevant and to act immediately.

The National Cybersecurity Unit advised Fortinet device users to terminate all active sessions.

They were also advised to reset all credentials, upgrade to a supported firmware version, enable multi-factor authentication, audit configurations, review logs for signs of compromise and restrict management access.

Organisations were urged to follow Fortinet’s incident recovery process, isolate the device from their networks and examine the extent of any lateral movement into connected systems.

Unrecognised accounts, unauthorised configuration changes and suspicious authentication activity can all be indicators of compromise.

Operators should not rely solely on resetting credentials before resuming operations.

Bermudian residents who have been impacted and need guidance or wish to report a suspected incident should contact the NCU at cybersecurity@gov.bm.

For technical guidance, visit Fortinet’s website.