Security Update
Verkada Customers and Partners,
We’re writing to let you know that Mandiant — the external firm hired to conduct an independent review of our March 9th security incident — has concluded its investigation and confirmed that its findings are consistent with those from our own internal investigation. You can download the letter here.
As we previously shared, all affected customers were notified of this attack. You can read more about our internal investigation here, which was released on April 7 and updated on April 23.
With both of these security reviews complete, our focus is now on the remainder of our 100-day plan to strengthen the safeguards in our products. This includes strengthening our governance programs and ensuring strong checks and balances in our security program, including:
Establishing a Security and Privacy Governance Committee that includes members of our executive team, including the CISO;
Providing quarterly updates from the CISO on our security and privacy programs to the board of directors;
Setting up a compliance program that builds towards a SOC2 examination and report;
Creating a Customer CISO Council to advise us on best practices for security procedures and protocols;
Launching our bug bounty program to incentivize engineers and security researchers to find, report, and help address malware and vulnerabilities associated with any of our software;
Conducting enhanced penetration testing; and
Improving change and configuration management.
We will continue to provide relevant updates regarding the progress on these steps.
Thank you,
Kyle Randolph
CISO, Verkada Inc.