Security firm Sophos has informed customers it suffered a data breach as a result of a misconfigured database.
According to ZDNet, customers’ personal information was exposed, including names, emails and phone numbers. The company informed impacted customers via email, which ZDNet got a copy of.
On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support.
The company confirmed the breach to ZDNet, saying that only a “small subset” of its customers were impacted. Nonetheless, this is the second major security issue this year for Sophos, a major source of embarrassment for a company in the business of providing computer security to its customers.
The company tried to assure customers it was doing everything it could to address the issue.
At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,” the company said. “Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.