Sophos informs customers about data protection incident (Nov. 2020)

UK company Sophos has informed a limited number of customers by email of a data breach. The incident is said to have resulted in the exposure of personal data of the affected individuals.


Sophos is a UK cyber security and hardware company that was acquired some time ago by the financial investor Thoma Bravo (see Sophos acquired by Thoma Bravo). Here in the blog I occasionally report on Sophos products (see the link list at the end of the article).

Now there seems to have been a privacy incident, which Bleeping Computer reports on here. According to the following text, Sophos has sent an email to a small group of customers informing them that their personal information has been disclosed following a security vulnerability discovered on Tuesday.

On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support. As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue.

Your information was exposed, but due to remediation measures we have taken, your data is no longer exposed. Specifically, first name, last name, email address and, where provided, a contact phone number.

Sophos claims that this issue was resolved quickly. Sophos does not provide a number, but writes of a smaller number of people who had contacted support. This group of people has been informed by email. No specific region that could be affected is mentioned.

Similar articles:
Sophos acquired by Thoma Bravo
Chrome 84 & Sophos Authentication for Thin Clients (SATC)
Hacker attack on Sophos firewalls via 0-day exploit
Three vulnerabilities in Sophos/Cyberoam firewall technology
0-day vulnerability in Sophos XG Firewall under attack
Revised Firmware update Sophos UTM 9.703-3 released
Sophos RED50: Bug that bricks UTMs found and fixed


One Response to Sophos informs customers about data protection incident (Nov. 2020)

  1. P.D. says:

    Well, I guess the old English Automobile/Naval Maxim applies to software too:
    "If it's English, it leaks."
