Breathe is aware of and has been closely monitoring a recently disclosed security issue relating to the open-source logging tool called Apache “Log4j2”. Our team is continuing to review internal systems and will monitor the event.
What is Log4j2
Log4j2 is an open-source Java-based logging tool maintained by the Apache Software Foundation and used by many services.
Was Breathe HR affected?
We have performed a thorough investigation and no Breathe HR products or customer facing systems are vulnerable to Log4j2.
We can confirm our sub-processor Amazon Web Services (AWS) are patching the vulnerability across their network.
Want further information?
If you would like further information about Breathe Security and Reliability this can be found here.
What should I do now?
We will continue to investigate any potential exposure to this issue and at this time you do not need to take any action relating to your Breathe HR account.
We would recommend to be wary of suspicious looking activity, e-mails or websites, and not clicking links or opening attachments in unexpected e-mails.
If you have specific questions related to this event, feel free to get in touch.