UK cybersecurity firm Sophos (opens in new tab) has disclosed that it has become the victim of a data breach. A small number of customers received an email earlier this week informing them that their data had been exposed after unauthorized personnel used a misconfigured tool to gain access to sensitive information.
"On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the email read. "As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue."
Currently, it remains unclear how the breach was discovered, while the number of customers affected has also not been disclosed. it has been revealed, however, that customer names, email addresses, and telephone numbers were among the data exposed by the breach.
- Keep your network secure with the best endpoint protection (opens in new tab) software
- We've put together a list of the best malware removal (opens in new tab) software
- Also check out our roundup of the best ransomware protection (opens in new tab)
Not the first time
Fortunately, Sophos acted quickly to put a stop to the data exposure and the information is no longer at risk. Additional measures have also been put in place to prevent permission issues from causing similar incidents in the future. Nevertheless, it would be understandable if some Sophos customers remained unconvinced. Earlier this year, the firm also disclosed that its XG Firewall was vulnerable to a zero-day SQL injection vulnerability.
Although it may be more embarrassing when an incident like this occurs at an organization that stakes its reputation on cybersecurity, it happens with surprising regularity. Aside from the Sophos breach, Avast (opens in new tab), Trend Micro (opens in new tab), and a number of other security firms (opens in new tab) have recently become victims of cyberattacks.
While the Sophos incident was relatively minor, affected customers should remain extra vigilant against phishing attacks, as cyberattackers may attempt to leverage ill-gotten data in follow-up exploits.
- Also, check out our roundup of the best antivirus (opens in new tab) software
Via Bleeping Computer (opens in new tab)