Earlier this week, the company was informed of an access permission problem in a tool. The tool contains customers' information who contact Sophos support. The company said this in an email sent to its customers.
The company says that it came to know about the issue through an expert and had fixed the misconfiguration as soon as it was reported. According to Sophos, customer privacy and safety is their topmost priority. It is currently contacting all impacted customers.
Besides this, the company has implemented preventive measures to ensure that permission settings are not exploited. The data breach is the second cybersecurity incident that Sophos suffered this year.
In April, a quite similar incident happened where hackers found and exploited a zero-day XG Firewall in Sophos and attacked companies worldwide. The hackers used Asnarok malware, but when the vulnerability was exposed, they shifted to ransomware and failed eventually.
The email reads, "On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support. As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue ..
Support the originator by clicking the read the rest link below.