Thursday, December 26, 2024

Sophos notifies customers of data exposure after database misconfiguration

UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week.

“On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in an email sent to customers and obtained by ZDNet.

Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided).

A Sophos spokesperson confirmed the emails earlier today and told ZDNet that only a “small subset” of the company’s customers were affected but did not provide an approximate number.

Sophos said it learned of the misconfiguration from a security researcher and fixed the reported issue right away.

“At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,” the company said. “Additionally, we are implementing additional measures to ensure access permission settings are continuously secure. “

This is the second major security incident Sophos has dealt with this year. In April, a cybercrime group discovered and abused a zero-day in the Sophos XG firewall to breach companies across the world. The attackers deployed the Asnarok trojan, and once the zero-day was publicly disclosed, they attempted to deploy ransomware — but eventually failed.

article origin: https://www.zdnet.com/article/sophos-notifies-customers-of-data-exposure-after-database-misconfiguration/

Bookmark
Please login to bookmarkClose
Just your average information security researcher from Delaware US.
Latest posts by RiSec.Mitch (see all)
Recommended:  Warning: Log4j Still Lurks Where Dependency Analysis Can’t Find It
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security