Jump to content

Sophos notifies customers of data exposure after database misconfiguration


steven36

Recommended Posts

Company says that only a small subset of customers were impacted.

 

LMoRRLZ.png

 

UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week.

 

"On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support," the company said in an email sent to customers and obtained by ZDNet.

 

Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided).

 

A Sophos spokesperson confirmed the emails earlier today and told ZDNet that only a "small subset" of the company's customers were affected but did not provide an approximate number.

Sophos said it learned of the misconfiguration from a security researcher and fixed the reported issue right away.

 

"At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers," the company said. "Additionally, we are implementing additional measures to ensure access permission settings are continuously secure. "

 

This is the second major security incident Sophos has dealt with this year. In April, a cybercrime group discovered and abused a zero-day in the Sophos XG firewall to breach companies across the world. The attackers deployed the Asnarok trojan, and once the zero-day was publicly disclosed, they attempted to deploy ransomware — but eventually failed.

 

VRTWAD1.png

Image supplied by source

 

Source

Link to comment
Share on other sites


  • Views 480
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...