- Ava Labs has filed a lawsuit against Jumpcloud Inc., accusing it of facilitating hacker access
- Jumpcloud was hacked last year, with Ava Labs one of the customers affected
- Ava Labs contends that the ongoing damages resulting from the hack warrant compensation, seeking to reclaim millions of dollars.
Avalanche blockchain creator Ava Labs has taken legal action against Jumpcloud Inc., alleging that the latter’s directory-as-a-service technology served as a gateway for malicious hackers. According to Ava Labs’ complaint, filed in Boulder County District Court, Jumpcloud acted as a “revolving door for malicious hackers” that allowed North Korean hackers to infiltrate its sytems. Ava Labs, one of the handful of affected customers, argues that the damage caused by that hack is ongoing and may reach several million dollars, which it wants back.
Jumpcloud Hacked by North Koreans
The hack in question occurred in June 2023, when Jumpcloud said that state-sponsored attackers had breached its systems via a spear-phishing attack, although it found no evidence at the time that customers had been impacted. Three months later it posted an update where it said that “the nation-state actor involved was North Korea” and that it had identified fewer than five customers who had been affected.
One of those customers was Ava Labs, which says in its filing that the hack has deeply impacted its operations, alleging that its cleanup expenses came to over $637,500. In addition, it claims that it is dealing with ongoing consequential damages, including loss of goodwill and reputation, leading to projected lost profits exceeding $2 million.
Ava Labs Cites Reputational Damage
Ava LAbs makes no bones about who it holds responsible, saying in a statement seen by BizWest that “Jumpcloud’s platform was the very doorway through which the threat actors gained access to Ava Labs’ devices, systems, and private data,” comparing the intrusion to “a home security system opening up a window for intruders.”
Ava Labs also criticized Jumpcloud’s response to the incident, alleging that the company failed to adequately assist affected customers, including themselves, while attempting to conceal its security lapses.
