Sophos Alerts Customers Of Info Exposure After Security Breach

British cybersecurity and hardware company Sophos has emailed a small group of customers to alert them that their personal information was exposed following a security breach discovered on Tuesday.

The exposed customer data was accessible to unauthorized parties due to a misconfigured “tool” used by the company to store information by users who reached out to the company’s support team.

Only a small subset of customers affected

“On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in the notification email.

“As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue.”

Sophos did not provide any information on who discovered and disclosed the insecure storage tool or on the exact number of customers who had their personal info exposed due to this security breach.

The exposed data includes customers’ first and last names, email addresses, and their contact phone number if it was provided to Sophos Support.

The company also said that the customer support information is no longer exposed after remediation measures were taken to stop the data exposure.

Sophos breach notification
Sophos breach notification

“At Sophos, customer privacy and security are always our priority,” the cybersecurity firm added. “We are contacting all affected customers.”

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

“Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”

Not the first security incident this year

Earlier this year, Sophos fixed a zero-day SQL injection vulnerability in their XG Firewall following reports that hackers were actively exploiting it in attacks.

A new Trojan malware, dubbed Asnarök by Sophos researchers, exploited the zero-day to try and steal firewall usernames and hashed passwords from XG Firewall users starting with April 22, 2020.

The same Sophos XG firewall zero-day was also exploited in failed attempts to deliver Ragnarok Ransomware payloads onto companies’ Windows systems.

Update: A Sophos spokesperson told BleepingComputer that only “a small subset was affected in no specific region” and that “Sophos quickly fixed the issue.”

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Privacy Ninja provides GUARANTEED quality and results for the following services: 
DPO-As-A-Service (Outsourced DPO Subscription)
PDPA Compliance Training
DPA Compliance Audit
ital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy

PDPA Data Protection Software
Vulnerability Assessment & Penetration Testing (VAPT)
Smart Contract Audit

Like & Subscribe:

Categories: DataBreach


Leave a Reply

Your email address will not be published. Required fields are marked *