Virtru incident

System Outage

Critical Resolved View vendor source →

Virtru experienced a critical incident on November 21, 2025 affecting Virtru Corporate Website and Virtru Control Center and 1 more component, lasting 1h 53m. The incident has been resolved; the full update timeline is below.

Started
Nov 21, 2025, 08:26 PM UTC
Resolved
Nov 21, 2025, 10:19 PM UTC
Duration
1h 53m
Detected by Pingoru
Nov 21, 2025, 08:26 PM UTC

Affected components

Virtru Corporate WebsiteVirtru Control CenterVirtru Secure Email ClientsNew User Provisioning & PaymentsVirtru Secure ReaderRevokeForwarding ControlVirtru Secure ShareExpirationHosted Gateway

Update timeline

  1. investigating Nov 21, 2025, 08:26 PM UTC

    We are currently investigating an issue affecting all core services.

  2. investigating Nov 21, 2025, 08:33 PM UTC

    We are continuing to investigate this issue.

  3. identified Nov 21, 2025, 08:54 PM UTC

    The issue has been identified. Most services have been restored except for the Virtru-Hosted Gateway. We are monitoring those services and working on a fix for the Gateway.

  4. monitoring Nov 21, 2025, 09:10 PM UTC

    All services have been restored. Some Gateway emails may experience slight delays. We are currently monitoring.

  5. monitoring Nov 21, 2025, 09:22 PM UTC

    All services, including Virtru-Hosted Gateway, have been restored. We continue to monitor.

  6. resolved Nov 21, 2025, 10:19 PM UTC

    This incident has been resolved.

  7. postmortem Nov 24, 2025, 08:03 PM UTC

    On November 21, 2025, Virtru experienced a brief outage impacting all services. At 20:09 UTC our monitoring alerted us that all applications and APIs were unavailable. Virtru users received “network or service unavailable” error messages for the duration of the outage, which lasted less than 30 minutes. ‌ **What Happened** The outage was caused by a malformed policy that was applied to our runtime protection tool, which protects running workloads from a variety of risks, including enforcing a DNS query allow list. This bad policy blocked a majority of DNS traffic and caused enforcement of the policy to be applied to a majority of pods across all of our clusters. ‌ **How Virtru Responded** The policy was reverted immediately; however, it was so restrictive that the sensors could not connect back to receive the update. This required additional remediation efforts by Virtru to manually destroy the old policy, resync the good policy, and cycle all the pods. For most of our services, this meant that all functionality was fully restored at 20:38 UTC. All customer data remained secure throughout the duration of the outage. ‌ **Next Steps** We are taking steps to protect ourselves from events like this reoccurring in the future. We will be investigating and implementing controls to: * Automate policy validation to ensure that malformed rules cannot be pushed to production * Create more robust internal scoping policies to prevent malformed rules from propagating globally across our infrastructure * Improving emergency access for redundancy to speed up response times We understand that our customers rely on Virtru for critical security and privacy functions, and we take both this incident and your trust seriously. If you have questions about this incident or experienced specific issues, please contact our support team at [[email protected]](mailto:[email protected]).