Breach Notification , Incident & Breach Response , Security Operations
Sophos Warns Customers of Possible Data Leak
Company Reportedly Investigating Misconfigured System as CauseSecurity firm Sophos is warning that some of its customers may have had their data exposed due to a misconfigured internal system, according to a published report.
On Tuesday, the U.K.-based firm sent a message to customers noting that, because of an "access permission issue in a tool used to store information on customers who have contacted Sophos Support," some data may have leaked, according to a report on ZDNet, which obtained a copy of the notification.
See Also: A Better Way to Cover the Bases for Breach Protection
The data that possibly leaked included customers' last names, email addresses and phone numbers, according to the report. In a message to Information Security Media Group, a company spokesperson confirmed the incident and noted that only a "small number" of customers were affected by it. The company did not offer specifics.
"A small subset was affected in no specific region," the Sophos spokesperson noted. "Sophos quickly fixed the issue. At Sophos, customer privacy and security are always a top priority."
Past Attacks
This is the second instance this year of a security incident affecting a Sophos internal system.
In April, Sophos reported that hackers tried two methods of exploiting a zero-day vulnerability in Sophos' XG firewall, for which the company made a temporary fix that mitigated the risks (see: Hackers Tried to Exploit Zero-Day Flaw in Sophos Firewall).
The company noted that it experienced the first wave toward the end of April, when crypto-locking malware called Ragnarok attempted to take advantage of a zero-day SQL injection vulnerability in the XG firewall products. When Sophos blocked this firewall attack, the attackers proceeded to leverage the EternalBlue vulnerability in older versions of Microsoft Windows and the DoublePulsar backdoor malware to re-enter networks and plant the Ragnarok ransomware, Sophos noted in an update.
Misconfigured Tools
Misconfigured databases, servers and other IT are considered to be the top reason for data breaches globally.
In a 2019 report, IBM noted that data breaches arising from misconfigurations have cost companies worldwide nearly $5 trillion in 2018 and 2019. The report further noted that healthcare was the industry most affected by misconfigured internal systems.
For instance, in February 2019, a misconfigured database at UW Medicine in Washington state that left patient data exposed on the internet for several weeks resulted in a breach affecting 974,000 individuals (see: Misconfiguration Leads to Major Health Data Breach).
In November 2019, a misconfigured billing system at Texas Health Resources affected nearly 83,000 individuals and prompted the hospital to file 15 breach reports to federal regulators - one for each hospital involved (see: IT Misconfiguration Leads to 15 Breach Reports).
Earlier this month, the FBI warned that hackers were exploiting known configuration vulnerabilities in SonarQube instances to gain access and exfiltrate proprietary code and then publicly post the data (See: Federal Source Code Accessed Via Misconfigured SonarQube).