Skip to main content

Sophos warns customers it was hit by data breach

Data Breach
(Image credit: Shutterstock)

UK cybersecurity firm Sophos has disclosed that it has become the victim of a data breach. A small number of customers received an email earlier this week informing them that their data had been exposed after unauthorized personnel used a misconfigured tool to gain access to sensitive information.

"On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the email read. "As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue."

Currently, it remains unclear how the breach was discovered, while the number of customers affected has also not been disclosed. it has been revealed, however, that customer names, email addresses, and telephone numbers were among the data exposed by the breach.

Not the first time

Fortunately, Sophos acted quickly to put a stop to the data exposure and the information is no longer at risk. Additional measures have also been put in place to prevent permission issues from causing similar incidents in the future. Nevertheless, it would be understandable if some Sophos customers remained unconvinced. Earlier this year, the firm also disclosed that its XG Firewall was vulnerable to a zero-day SQL injection vulnerability.

Although it may be more embarrassing when an incident like this occurs at an organization that stakes its reputation on cybersecurity, it happens with surprising regularity. Aside from the Sophos breach, Avast, Trend Micro, and a number of other security firms have recently become victims of cyberattacks.

While the Sophos incident was relatively minor, affected customers should remain extra vigilant against phishing attacks, as cyberattackers may attempt to leverage ill-gotten data in follow-up exploits.

Via Bleeping Computer