According to a report in ZDNet on Thursday, the data exposure included details such as customers’ first and last names, email addresses and phone numbers (wherever provided).
“On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in the email.
Only a “small subset” of the customers were affected, it added.
This is the second time this year when Sophos was hit by threat actors.
In April, the UK-headquartered cyber security firm published an emergency security update to patch a zero-day vulnerability in its XG enterprise product being abused by hackers.
This time, Sophos said it came to know about the data exposure after a security researcher alerted the company.
“At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,” the company said.
“Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.
Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/
UK +44 20 8089 9944