- Vanta admits that it introduced an error in its code
- The error resulted in exposed data for a small subset of customers
- The error is being remediated and the affected clients notified
Security and compliance automation company Vanta has confirmed that it shared confidential customer data with other customers by mistake.
In a statement (via TechCrunch), the company said that a change it had made to its code resulted in a security breach, in which some confidential data belonging to a small subset of customers was shared with other clients.
The incident was arrested on May 26. Remediation efforts are currently in progress, and the process will end before June 4.
Hundreds of victims
As a result of the incident, “a subset of data of less than 20% of our third-party integrations” was exposed to other customers of Vanta, said company product director Jeremy Epling.
He added that less than 4% of Vanta’s clients have been affected and that they have already been notified.
Since the company has more than 10,000 clients, that would put the number of affected clients at up to 400. At the same time, the data breach notification letter that Vanta sent says that the data generally includes employee names, roles and information about different tools, such as 2FA. The company did not confirm what type of data was obtained.
Vanta is a security and compliance automation platform that helps companies achieve and maintain certifications such as SOC 2, ISO 27001, HIPAA and GDPR more efficiently through monitoring and continuous integrations.
Among its clients are Atlassian, Omni Hotels, Quora and ZoomInfo.