Breach Notification , Incident & Breach Response , Security Operations

Sophos Warns Customers of Possible Data Leak

Company Reportedly Investigating Misconfigured System as Cause
Sophos Warns Customers of Possible Data Leak

Security firm Sophos is warning that some of its customers may have had their data exposed due to a misconfigured internal system, according to a published report.

On Tuesday, the U.K.-based firm sent a message to customers noting that, because of an "access permission issue in a tool used to store information on customers who have contacted Sophos Support," some data may have leaked, according to a report on ZDNet, which obtained a copy of the notification.

See Also: Containing Cyber Exposure

The data that possibly leaked included customers' last names, email addresses and phone numbers, according to the report. In a message to Information Security Media Group, a company spokesperson confirmed the incident and noted that only a "small number" of customers were affected by it. The company did not offer specifics.

"A small subset was affected in no specific region," the Sophos spokesperson noted. "Sophos quickly fixed the issue. At Sophos, customer privacy and security are always a top priority."

Past Attacks

This is the second instance this year of a security incident affecting a Sophos internal system.

In April, Sophos reported that hackers tried two methods of exploiting a zero-day vulnerability in Sophos' XG firewall, for which the company made a temporary fix that mitigated the risks (see: Hackers Tried to Exploit Zero-Day Flaw in Sophos Firewall).

The company noted that it experienced the first wave toward the end of April, when crypto-locking malware called Ragnarok attempted to take advantage of a zero-day SQL injection vulnerability in the XG firewall products. When Sophos blocked this firewall attack, the attackers proceeded to leverage the EternalBlue vulnerability in older versions of Microsoft Windows and the DoublePulsar backdoor malware to re-enter networks and plant the Ragnarok ransomware, Sophos noted in an update.

Misconfigured Tools

Misconfigured databases, servers and other IT are considered to be the top reason for data breaches globally.

In a 2019 report, IBM noted that data breaches arising from misconfigurations have cost companies worldwide nearly $5 trillion in 2018 and 2019. The report further noted that healthcare was the industry most affected by misconfigured internal systems.

For instance, in February 2019, a misconfigured database at UW Medicine in Washington state that left patient data exposed on the internet for several weeks resulted in a breach affecting 974,000 individuals (see: Misconfiguration Leads to Major Health Data Breach).

In November 2019, a misconfigured billing system at Texas Health Resources affected nearly 83,000 individuals and prompted the hospital to file 15 breach reports to federal regulators - one for each hospital involved (see: IT Misconfiguration Leads to 15 Breach Reports).

Earlier this month, the FBI warned that hackers were exploiting known configuration vulnerabilities in SonarQube instances to gain access and exfiltrate proprietary code and then publicly post the data (See: Federal Source Code Accessed Via Misconfigured SonarQube).


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.