UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM
CURRENT REPORT
Pursuant to Section 13 or 15(d)
of The Securities Exchange Act of 1934
Date of Report (Date of earliest event reported)
(Exact name of registrant as specified in its charter)
| (State or other jurisdiction of incorporation) |
(Commission File Number) |
(IRS Employer Identification No.) |
(Address of principal executive offices, including zip code)
(Registrant’s telephone number, including area code)
(Former name or former address, if changed since last report)
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
| Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) |
| Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) |
| Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) |
| Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) |
Securities registered pursuant to Section 12(b) of the Act:
| Title of each class |
Trading Symbol(s) |
Name of each exchange on which registered | ||
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (17 CFR §230.405) or Rule 12b-2 of the Securities Exchange Act of 1934 (17 CFR §240.12b-2).
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
| Item 7.01 | Regulation FD Disclosure. |
On March 3, 2021, Qualys, Inc. (“Qualys” or the “Company”) issued a press release regarding a data breach incident with Accellion FTA, a third-party file transfer solution that Qualys deployed to exchange information as part of the Company’s customer support system. The incident has had no impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform. All Qualys platforms continue to be fully functional and at no time was there any operational impact. The full text of the press release is attached hereto as Exhibit 99.1 and is incorporated herein by reference.
This information is intended to be furnished under Item 7.01 of Form 8-K and shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or incorporated by reference in any filing under the Securities Act of 1933, as amended, or the Exchange Act, except as shall be expressly set forth by specific reference in such a filing.
| Item 9.01 | Financial Statements and Exhibits. |
(d) Exhibits.
| Exhibit |
Description | |
| 99.1 | Press release dated March 3, 2021 | |
| 104 | Cover Page Interactive Data File (the cover page XBRL tags are embedded within the Inline XBRL document) | |
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
| QUALYS, INC. | ||
| By: | /s/ Joo Mi Kim | |
| Joo Mi Kim Chief Financial Officer | ||
Date: March 3, 2021
Exhibit 99.1
Qualys Update on Accellion FTA Security Incident
No impact on Qualys Cloud Platform production environments hosting customer data or codebase
FOSTER CITY, Calif. – March 3, 2021 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based IT, security, and compliance solutions, today issued an update on the security incident regarding the Accellion FTA file transfer solution.
Qualys received new information about a previously identified zero-day exploit in a third-party solution, Accellion FTA that Qualys deployed to transfer files as part of our customer support system.
Qualys confirms today there is no impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform. All Qualys platforms continue to be fully functional and at no time was there any operational impact.
Qualys had deployed the Accellion FTA server in a segregated DMZ environment, completely separate from systems that host and support Qualys products to exchange information as part of our customer support system. Qualys chose the Accellion FTA solution for encrypted temporary transfer of manually uploaded files. There was no connectivity between the Accellion FTA server and our production customer data environment (the Qualys Cloud Platform). The Accellion FTA product is a third-party system fully managed by Accellion.
As with any security incident, the investigation is ongoing, and we continue to look for ways to enhance security and provide the strongest protections for our customers. We have engaged FireEye Mandiant, who also worked with Accellion on the wider investigation. Qualys is strongly committed to the security of its customers and their data, and we will notify them should material information become available. For additional information, please see our blog.
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security and compliance solutions with over 19,000 active customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings. For more information, please visit www.qualys.com.
Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Media Contact:
Tami Casey
Qualys
(650) 801-6196
tcasey@qualys.com