UPDATED 19:22 EDT / NOVEMBER 26 2020

SECURITY

Sophos customer data exposed following ‘access permission issue’

U.K. cybersecurity software company Sophos Group plc has suffered a security breach, exposing data relating to some of its customers.

The company informed customers via email, describing the breach as involving an “access permission issue in a tool used to store customer information on customers who have contacted Sophos Support.”

Although Sophos says only a small subset of customers was exposed, the data that was exposed included names, email addresses and contact phone numbers. The issue is described by Sophos as having been quickly fixed.

SiliconANGLE has contacted Sophos for comment. The company has not gone into detail as to how the data was exposed or whether any bad actors had accessed it, but an “access permission issue” sounds like it may have been yet another case of a company failing to properly secure cloud storage, an all-too-common tale in 2020.

“This incident is a colorful reminder that no one is immune from a human error exacerbated by the pandemic’s havoc and growing complexity of the modern threat landscape,” Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE. “Continuous attack surface monitoring is the must-have solution to timely detect, respond and mitigate the growing complexity of IT infrastructure, human omissions and related misconfigurations.”

Kolochenko noted that the incident isn’t likely to have any major consequences for the victims. “No highly sensitive information, such as banking, health or credit card data, was reportedly exposed,” he said. “Moreover, many users that approach support, commonly use central phone numbers or even fake emails that are of not much value to hackers. Sophos’s open reaction to the incident seems to be swift and professional, taking accountability for the incident with adequate mitigation.”

As a result, he added, the incident likely won’t attract the attention of law enforcement agencies or regulatory authorities, or victims’ lawyers.

Image: Sophos

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU