British cybersecurity and hardware company Sophos is contacting some of its customers over a security incident discovered on Tuesday that led to exposure of their personal information.
“On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company explained in the notification email sent to affected customers.
The exposed data included customer first and last names, email addresses, and phone numbers (if provided to Sophos Support).
The company also said that the breach affected only a small subset of customers and the that the issue was quickly fixed.
“Additionally, we are implementing additional measures to ensure access permission settings are continuously secure,” Sophos said.
Earlier this year Sophos issued an emergency security update to fix a zero-day vulnerability that had been exploited by hackers to deploy Asnarök malware on its XG Firewall devices.