UK-based cyber-security vendor Sophos is notifying its customers via email about a security breach which had affected the company earlier this week.
On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support.
The leaked data include details such as first and last name of customers, email addresses, and phone numbers if available.
According to a spokesperson at Sophos, only a “small subset” of the company’s customers were affected but did not provide an approximate number.
The company became aware of the misconfiguration from a security researcher and fixed the reported issue immediately.
The company stated that customer privacy and security are always their top priority. All the impacted customers are being notified. Besides they are also implementing additional measures to ensure access permission settings are continuously secure.
This is the second major security incident Sophos has dealt with this year after a cybercrime group discovered and abused a zero-day in the Sophos XG firewall to breach companies across the world in April.
Image Credits : TechRadar