Cloudflare Admits Potential Violations Of U.S. Sanction Programs

Parties allowed to use Cloudflare's products include entities designated as terrorists or narcotics traffickers by the U.S. government, as well as groups affiliated with governments currently subject to U.S. sanctions.

Cloudflare admitted that its products have been used by, or for the benefit of, individuals and entities that have been blacklisted by federal regulators.

The San Francisco-based networking and cybersecurity vendor said a small number of blacklisted parties made payments to Cloudflare in connection with their use of the company's platform, according to a regulatory filing.

Parties allowed to use Cloudflare's products include entities designated as terrorists or narcotics traffickers by the U.S. Office of Foreign Assets Control (OFAC), as well as groups affiliated with governments currently subject to comprehensive U.S. sanctions.

[Related: Cloudflare, At Center Of 8Chan Controversy, Files To Go Public]

Cloudflare said in its filing with the U.S. Securities and Exchange Commission (SEC) that it has implemented additional controls and screening tools to prevent similar activity from occurring in the future. The filing was first reported by The Wall Street Journal.

Cloudflare additionally indicated that it may have submitted incorrect information to the U.S. government in connection with certain hardware exports, according to the filing. As a result, Cloudflare said it submitted self-disclosures to the Commerce Department's Bureau of Industry and Security as well as to the Census Bureau regarding potential violations of Foreign Trade Regulations.

The company said it's taking remedial measures to prevent similar export-related filing and reporting anomalies from occurring in the future. Cloudflare did not immediately respond to a request for comment from CRN.

Cloudflare disclosed the potential violations in preparation for its initial public offering, which could raise as much as $563.5 million with the company selling as many as 40.25 million shares at between $12 and $14 per share. The company will be traded on the New York Stock Exchange under the symbol NET.

The company has in recent years cut ties with inflammatory websites like 8chan and The Daily Stormer that had relied on Cloudflare's security and performance services. The gunman in last month's El Paso shooting that killed 22 killed and injured 24 more posted a hate-filled manifesto on 8chan shortly before the killings, and the site also inspired the Christchurch, New Zealand killer of Muslim worshipers.

Two years earlier, Cloudflare severed ties with neo-Nazi, white supremacist website The Daily Stormer following the 2017 far-right protests in Charlottesville that left one person dead. However, The Daily Stormer came back online after only a brief interruption in the site’s operations.

All told, Cloudflare had a total of 74,873 paying customer for the six months ended June 30, and claimed to have blocked 44 billion cyber threats per day on average during the second quarter of 2019.

Cloudflare made headlines in July due to a major outage that affected all of the company's services globally. CEO Mathew Prince told CRN at the time that the widespread service outage was caused by a bug in the company's firewall software and not a cyberattack.