UK-based cyber-security vendor Sophos suffered from a security breach on November 2020.
An access permission problem was discovered in a mechanism that Sophos uses to keep track of clients who have contacted Sophos Support.
Customer-first and last names, email addresses, and phone numbers were among the details exposed.
According to Sophos, the configuration error was discovered by a security researcher, and the problem was immediately addressed.
TPRM report: https://scoringcyber.rankiteo.com/company/sophos
"id": "sop141111623",
"linkid": "sophos",
"type": "Breach",
"date": "11/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Technology',
'location': 'UK',
'name': 'Sophos',
'type': 'Cyber-Security Vendor'}],
'attack_vector': 'Access Permission Issue',
'data_breach': {'personally_identifiable_information': True,
'type_of_data_compromised': ['Customer-first and last names',
'Email addresses',
'Phone numbers']},
'date_detected': 'November 2020',
'description': 'UK-based cyber-security vendor Sophos suffered from a '
'security breach in November 2020. An access permission '
'problem was discovered in a mechanism that Sophos uses to '
'keep track of clients who have contacted Sophos Support. '
'Customer-first and last names, email addresses, and phone '
'numbers were among the details exposed. According to Sophos, '
'the configuration error was discovered by a security '
'researcher, and the problem was immediately addressed.',
'impact': {'data_compromised': ['Customer-first and last names',
'Email addresses',
'Phone numbers']},
'post_incident_analysis': {'root_causes': 'Configuration Error'},
'response': {'remediation_measures': 'Configuration error was immediately '
'addressed'},
'title': 'Sophos Security Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Configuration Error'}