Qualcomm has suffered a cybersecurity issue impacting the security of its visitor check-in system.

The tech giant has begun notifying impacted individuals of the issue in a privacy notice which reads, “Last week on January 15 we became aware of an issue affecting the security of Qualcomm’s visitor check-in system.”

Impacted individuals include people who would have previously visited one or more of Qualcomm’s offices and used the visitor check-in system.

The attack left impacted users’ information exposed to unauthorised access. Information such as an individual’s contact and employer information, citizenship, and the date, time, and purpose of their visit has been exposed.

Credit card information, government identifiers, or birthdates were not exposed as part of the attack, posing no significant risk to identity theft, as per Qualcomm’s privacy notice.

However, since a user’s contact information was exposed, they may be facing a risk of phishing.

According to Qualcomm’s FAQ page on the issue, cyberattackers leveraged a remote-code execution vulnerability in its QVisit application to access the servers that host the application.

This allowed them to download and run additional software providing them login access to the compromised system.

“Analysis of the systems and available logs do not indicate the attackers took any further actions in the application or on the system,” as per the FAQ page.

“We have completed a rebuild of the impacted QVisit application and associated infrastructure to ensure the intrusion was contained and further access is prevented. We have also added additional cybersecurity monitoring to detect any future intrusion attempts. The intrusion has been reported to the federal authorities and we are notifying impacted individuals,” it said on the FAQ page.

comment COMMENT NOW