British cybersecurity and hardware company Sophos has emailed a small group of customers to alert them that their personal information was exposed following a security breach discovered on Tuesday.
The exposed customer data was accessible to unauthorized parties due to a misconfigured “tool” used by the company to store information by users who reached out to the company’s support team.
“On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in the notification email.
“As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue.”
Sophos did not provide any information on who discovered and disclosed the insecure storage tool or on the exact number of customers who had their personal info exposed due to this security breach.
The exposed data includes customers’ first and last names, email addresses, and their contact phone number if it was provided to Sophos Support.
The company also said that the customer support information is no longer exposed after remediation measures were taken to stop the data exposure.
“At Sophos, customer privacy and security are always our priority,” the cybersecurity firm added. “We are contacting all affected customers.”
Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service
“Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”
Earlier this year, Sophos fixed zero-day SQL injection vulnerability in their XG Firewall following reports that hackers were actively exploiting it in attacks.
A new Trojan malware, dubbed Asnarök by Sophos researchers, exploited the zero-day to try and steal firewall usernames and hashed passwords from XG Firewall users starting with April 22, 2020.
The same Sophos XG firewall zero-day was also exploited in failed attempts to deliver Ragnarok Ransomware payloads onto companies’ Windows systems.
Update: A Sophos spokesperson told BleepingComputer that only “a small subset was affected in no specific region” and that “Sophos quickly fixed the issue.”
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.