Commvault, a global company known for data protection and information management, has confirmed a cyberattack on its Azure cloud environment earlier this week.
The attack involved a zero-day vulnerability and is believed to have been carried out by a nation-state hacker group. This highlights the growing risks facing cloud providers and their customers.
On February 20, 2025, Microsoft alerted Commvault to unusual activity in its Azure setup.
In response, Commvault activated its security protocols, brought in top cybersecurity experts, and worked with law enforcement to investigate.
According to the company, only a small number of customers were affected. “Our investigation showed that a handful of customers experienced unauthorized access, and we reached out to help them,” a spokesperson said.
Commvault also confirmed there is no evidence the attacker accessed or compromised any customer data the company protects.
Operations and services were not disrupted, and Commvault continues to function normally.
Details of the Attack and Commvault’s Response
Forensic analysis showed that the attacker used a zero-day vulnerability—an unknown security flaw—in Commvault’s Azure cloud environment. Even Commvault wasn’t aware of it until the attack happened.
Once the issue was discovered, Commvault quickly patched the vulnerability and urged users to update their software right away.
The company also changed all affected passwords and is working to make its systems even more secure.
Commvault is actively working with law enforcement to support the investigation and help stop future attacks.
The company’s leaders said this kind of threat affects the whole tech industry: “No company is immune to an attack. We believe sharing information and working together helps everyone stay safer.”
Commvault thanked Microsoft for the early alert, its security team for acting fast, and its customers for their support and trust.
This incident is a clear reminder that cyber threats are always changing and that cloud services must stay prepared.
By sharing what happened and how they responded, Commvault hopes to encourage more openness and teamwork in the cybersecurity world.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment