Compliance firm Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told information.killnetswitch that the data exposure was the result of a product code change and was not caused by an intrusion.
Vanta, which helps corporate customers automate their security and compliance processes, said it identified an issue on May 26 and that remediation will complete June 4.
The incident resulted in “a subset of information from fewer than 20% of our third-party integrations being exposed to other Vanta clients,” according to the statement attributed to Vanta’s chief product officer Jeremy Epling.
Epling said fewer than 4% of Vanta customers were affected, and all have been notified. Vanta has more than 10,000 customers, according to its website, suggesting the data exposure likely affects hundreds of Vanta customers.
One customer affected by the incident told information.killnetswitch that Vanta had notified them of the data exposure. The customer said Vanta told them that “employee account information was erroneously pulled into your Vanta instance, as well as from your Vanta instance into other clients’ instances.”
The customer told information.killnetswitch that Vanta’s notice said the type of data “usually includes” information like employee names, roles, and details about the configurations of some tools, such as the use of multi-factor authentication.
When asked by information.killnetswitch, Vanta spokesperson Erin Cheng would not say what types of customers’ data were involved in the incident or comment on whether Vanta employee data was exposed.
Founded in 2018, Vanta has raised more than $350 million to date, including $150 million in its most recent Series C funding round in July 2024.