UK-based cyber-security firm Sophos has notified customers about a security breach earlier this week.
In an email sent to customers, Sophos said: “On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support."
The emails were shared with ZDNet, which revealed that the breach exposed customer information including first and last names, and contact details.
A rough 2020 for Sophos
According to the company, only a few customers were affected, but it did not disclose specific numbers. The firm also said it fixed the problem as soon as it learned of the issue from a security researcher.
"At Sophos, customer privacy and security are always our top priority," a company spokesperson said. "We are contacting all affected customers. Additionally, we are implementing additional measures to ensure access permission settings are continuously secure."
This is the second security issue the cybersecurity company has had to face this year.
In April, Sophos had to patch a zero-day vulnerability in its XG Enterprise Firewall product that was being breached. Although Sophos didn’t confirm whether any data was stolen, they said information taken could possibly include usernames and passwords for the firewall device admin, for the firewall portal admins, and user accounts used for remote access.