The British cybersecurity and hardware company Sophos sent an email to some of its customers to warn them that their personal information was exposed after a security breach was discovered on Tuesday.
Exposed customer data was accessible to unauthorized parties due to an incorrect "tool" configuration used by the company to store information from users who contacted the company's support team.
Only a small subset of customers is affected
"On November 24, 2020, Sophos was notified of an access issue to a tool used to store information from customers who have contacted Sophos Support," she said. company.
"As a result, some data from a small subset of Sophos customers were exposed. We fixed the problem quickly. "
Exposed data include their names customers, The e-mail and their phone numbers - if given to Sophos Support. The company also said that customer information is no longer exposed after λήψη some remedial measures.
“In Sophos, the privacy and customer safety is always the priority us ", the company added. "We contacted all those affected customers. In addition, we are implementing additional measures to ensure that access settings are always secure. ”
This is not the first security incident to occur this year
Earlier this year, Sophos fixed a zero-day SQL injection vulnerability in Firewall XG after reports that hackers were actively exploiting it in attacks.
The same zero-day vulnerability was exploited by some other hackers who tried to deliver Ragnarok ransomware payloads to Windows companies.