The company better safetys, UK-based Sophos, notified its customers via email of a security breach it suffered earlier this week.
“On November 24, 2020, Sophos was made aware of an access authorization issue in a tool used to store information from customers who have contacted Sophos Support, ”the company said in an email sent to its customers.
Exposed information included details such as customer name and surname, email addresses and telephone numbers (if provided).
A Sophos spokesman confirmed the messages and told ZDNet that a "small subset" of the company's customers were affected, but did not give an approximate number.
Sophos said it learned of the incorrect settings from a security researcher and immediately corrected the issue.
“At Sophos, the privacy και η ασφάλεια των πελατών είναι πάντα η πρώτη μας priority. We are contacting all affected customers. In addition, we implement additional measures to ensure that access authorization arrangements are always secure.”
This is the second major security incident faced by Sophos this year. In April, a team discovered that a 0day was being used on the wall protections Sophos XG to breach companies around the world. The attackers developed the Asnarok trojan and once it was publicly revealed, they tried to run ransomware, but failed.