ARN

Sophos customer data exposed by leak

Misconfiguration exposes data of a “small sub-set of customers”

Security vendor Sophos has accidentally exposed customers’ private data after a software misconfiguration within its information storage.

In an email first revealed by ZDNet, Sophos told customers there was an “access permission issue” in a tool used to store information on customers who have contacted Sophos Support. 

This led to the exposure of a certain number of customers' first and second names, email addresses and phone numbers, if they had been provided. 

Sophos was keen to stress that it was only a “small sub-set” of customers who were hit by the data leak.

The British vendor concluded the email with: “At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers. Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”

In April this year, Sophos was hit by a failed ransomware attack, just a month after its US$3.9 billion acquisition by Thoma Bravo.

Sophos has been contacted for comment.