Commvault Backup Data Secure After Azure Cyberattack Mitigates Breach Impact

Here’s a summary of the SC Media article “Commvault customer backups spared from Azure breach”:

• Commvault, a major data protection solutions provider, confirmed that its customer backup data was not compromised following a state-sponsored cyberattack on its Azure environment (first announced in early March).
• According to Commvault’s Chief Trust Officer Danielle Sheer, only a few customers were impacted, with no disruption to Commvault’s operations.
• The company is conducting an ongoing investigation in collaboration with cybersecurity firms, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA).
• The breach involved the exploitation of a Commvault Web Server zero-day vulnerability, tracked as CVE-2025-3928.
• Commvault has urged immediate implementation of Conditional Access policies across Microsoft 365, Dynamics 365, and Azure AD single-tenant App registrations.
• Commvault recommends immediately reporting any unauthorized access to their support team for further investigation.
• The vulnerability has also been added to CISA's Known Exploited Vulnerabilities catalog.

In summary: Despite the breach, Commvault’s customer backup data was not affected, and only a small number of customers were directly impacted—while the company continues to investigate and recommends urgent security measures for customers using affected platforms.
Source: SC Media

---

Source: SC Media Commvault customer backups spared from Azure breach