Cybersecurity companies are not immune to software misconfiguration, as Sophos has experienced.
The UK-based cybersecurity and hardware company has emailed a small group of its customers, alerting them that their personal information was exposed following a security breach.
This happened after a misconfigured "tool" used by the company to store information inadvertently exposed customer data to unauthorized parties.
The misconfiguration was first spotted by a security researcher who contacted Sophos to alert it about the data leak.
While Sophos did not provide any information on who discovered and disclosed the insecure storage tool or on the exact number of people that are affected, the company did say that the exposed data includes customers' first and last names, email addresses, and their contact phone number if it was provided to Sophos Support.
The company also said that the customer support information is no longer exposed after it took steps to stop the data exposure.
"On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support," the company said in the notification email.
"As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue."
"At Sophos, customer privacy and security are always our priority," the cybersecurity firm added. "We are contacting all affected customers."
"Additionally, we are implementing additional measures to ensure access permission settings are continuously secure."
This data leak is a reminder that nothing is immune to human error, especially errors that are exacerbated by the pandemic's havoc and the growing complexity of the modern threat landscape.
Sophos is, at this time, owned by U.S. private equity firm Thoma Bravo, which acquired the cybersecurity company for about $3.8 billion in October 2019.