Cybersecurity firm Sophos hit by data breach, says 'small subset' of customers affected

Leading cyber security company Sophos has notified some customers via email about a data security breach this week, saying a small subset of customers were affected.

According to a report in ZDNet on Thursday, the data exposure included details such as customers' first and last names, email addresses and phone numbers (wherever provided).

"On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support," the company said in the email.

Only a "small subset" of the customers were affected, it added.

This is the second time this year when Sophos was hit by threat actors.

In April, the UK-headquartered cyber security firm published an emergency security update to patch a zero-day vulnerability in its XG enterprise product being abused by hackers.

This time, Sophos said it came to know about the data exposure after a security researcher alerted the company.

"At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers," the company said.

"Additionally, we are implementing additional measures to ensure access permission settings are continuously secure."