- Vanta admits that it introduced a bug in its code
- The bug exposed data belonging to a small subset of customers
- The error is being corrected and the affected customers have been informed
The security and compliance automation company has confirmed that sensitive customer data was mistakenly shared with other customers.
In a statement (via TechCrunch), the company said that a change it had made to its code had led to a security breach. In this incident, some sensitive data from a small subset of customers was shared with other customers.
The incident was spotted on May 26 and remediation efforts are currently underway, a process expected to end by June 4.
Hundreds of victims
Following the incident, “a data subset of less than 20% of our third-party integrations” was exposed to other Vanta customers, said the company’s product manager Jeremy Epling.
He added that less than 4% of Vanta customers have been affected and have already been informed.
Since the company has more than 10,000 customers, this would put the number of affected customers at up to 400. The company has not confirmed exactly what type of data was exposed.
Vanta is a security and compliance automation platform that helps companies obtain and maintain certifications like SOC 2, ISO 27001, HIPAA and GDPR more effectively through continuous monitoring and integrations.
Among its customers are Atlassian, Omni Hotels, Quora and ZoomInfo.