Related to the compromise earlier this month, Mimecast disclosed the following: 

“Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes.’

Although we are not aware that any of the encrypted credentials have been decrypted or misused, we are advising customers hosted in the United States and United Kingdom to take precautionary steps to reset their credentials.”

These service accounts, if compromised, do not grant the ability for an attacker to read or intercept emails.

Matsco is deleting and recreating the service accounts for United States and United Kingdom clients, which will include different account names and strong passwords. Tickets will be logged for any instance where action was necessary and clients will be notified in due course of the actions taken.

No action is required by clients at this time. If you have any questions, please feel free to contact us at the below: