[German]UK company Sophos has informed a limited number of customers by email of a data breach. The incident is said to have resulted in the loss of personal data from the affected individuals.
Advertising
Sophos is a UK cyber security and hardware company which was acquired some time ago by financial investor Bravo (see Sophos acquired by Thoma Bravo). Here in the blog I occasionally report about Sophos products (see the link list at the end of the article).
Now there seems to have been a privacy incident that Bleeping Computer reports about here. According to the following text, Sophos has sent an email to a small group of customers informing them that their personal information has been disclosed following a security vulnerability discovered on Tuesday.
On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support. As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue.
Your information was exposed, but due to remediation measures we have taken, your data is no longer exposed. Specifically, first name, last name, email address and, where provided, a contact phone numer.
Sophos claims that this issue has been resolved quickly. Sophos does not provide a number, but writes from a smaller number of people who had contacted support. This group of people had been informed by email. No specific region is mentioned that could be affected.
Similar articles:
Sophos acquired by Thoma Bravo
Chrome 84 & Sophos Authentication for Thin Clients (SATC)
Hacker attack on Sophos firewalls via 0-day exploit
Three vulnerabilities in Sophos/Cyberoam firewall technology
0-day vulnerability in Sophos XG Firewall under attack
Revised Firmware update Sophos UTM 9.703-3 released
Sophos RED50: Bug that bricks UTMs found and fixed
Advertising
Well, I guess the old English Automobile/Naval Maxim applies to software too:
"If it's English, it leaks."