Vanta bug exposed customers’ data to other customers

The company of conformity Vanta confirmed that a bug exposed the private data of some of its customers to other VARTA customers. The company told Techcrunch that exposure to data was the result of a product code change and not caused by an intrusion.

Vanta, which helps companies of companies automate their security and compliance processes, said it has identified a problem on May 26 and that the correction will end on June 4.

The incident resulted in “a data subset of less than 20% of our third-party integrations exposed to other Vanta clients”, according to the press release assigned to the Product Manager, Jeremy Epling.

EPLING said that less than 4% of Vanta customers have been affected and were all informed. Vanta has more than 10,000 customers, According to his websitesuggesting that exposure to data probably affects hundreds of Vanta customers.

A client affected by the incident told Techcrunch that Varta had informed them of the data exposure. The Customer said that Vanta told them that “data from the employees’ account was wrongly provided in your Vanta body, as well as your body was boasting in the authorities of other customers”.

The Customer told Techcrunch that Vanta’s opinion indicated that this type of data “generally understands” information such as employees, roles and information on the configurations of certain tools, such as the use of Multi-Factor authentication.

When asked by Techcrunch, the spokesperson for Vanta, Erin Cheng, would not say what customer data types were involved during the incident or to say if the data from Vanta employees were exposed.

Founded in 2018, Vanta has raised Over $ 350 million to dateIncluding 150 million dollars in its last series of financing in the C series in July 2024.