The security company, Sophos from the United Kingdom, informed its customers via email about a security breach it suffered earlier this week.
"On November 24, 2020, Sophos was notified of an issue authorizing access to a tool used to store information from customers who have contacted Sophos Support," the company said in an email sent to its customers.
Exposed information included details such as customer name and surname, email addresses and telephone numbers (if provided).
A Sophos spokesman confirmed messages and told ZDNet that a "small subset" of the company's customers were affected, but did not give an approximate number
Sophos said it learned about the misconfigurations from a researcher security and promptly corrected the reported issue.
“At Sophos, the privacy and customer safety is always our first priority. We are contacting all affected customers. In addition, we implement additional measures to ensure that access authorization arrangements are always secure.”
This is the second major security incident faced by Sophos this year. In April, a team discovered that a 0day's Sophos XG firewall was being used to hack companies around the world. The attackers developed the Asnarok trojan and as soon as it was publicly revealed, they tried to run ransomware, but without success.