Sophos Warns Customers of Possible Data Leak

Breach Notification
Incident & Breach Response
Security Operations

Company Reportedly Investigating Misconfigured System As Cause

Sophos Warns Customers of Possible Data Leak

Security firm Sophos is warning that some of its customers may have had their data exposed due to a misconfigured internal system, according to a published report.

On Tuesday, the U.K.-based firm sent a message to customers noting them that because of an “access permission issue in a tool used to store information on customers who have contacted Sophos Support,” some data may have leaked, according to a report in ZDNet, which obtained a copy of the notification.

See Also: Continuous Attack Simulations: How to Identify Risk, Close Gaps, and Validate Your Security Controls

The data that possibly leaked included customers’ last names, email addresses, and phone numbers, according to the report. In a message to Information Security Media Group, a company spokesperson confirmed the incident and noted that only a “small number” of customers were affected by the incident. The company did not offer specifics.

“A small subset was affected in no specific region,” the Sophos spokesperson noted. “Sophos quickly fixed the issue. At Sophos, customer privacy and security are always a top priority.”

Past Attacks

This is the second instance of a security incident affecting a Sophos internal system that has happened this year.

In April, Sophos reported that hackers tried two methods of exploiting a zero-day vulnerability in Sophos’ XG firewall, for which the company made a temporary fix that mitigated the risks (see: Hackers Tried to Exploit Zero-Day Flaw in Sophos Firewall…