This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

KBA 135412 - GDPR

JohnSmithers over 5 years ago

Hi,

Is anyone else reporting this to the authorities under GDPR as a data breach?

Just wondering what next steps for others are.

Thanks

This thread was automatically locked due to age.

0 JasP over 5 years ago

It should be reported by Sophos themselves (although others can also report it).

To be fair, aside from the vulnerability itself, the seem to have handled it well so far. What the report doesn't have details of, is what the SQL injection vulnerability was. SQL injections are a known issue so I wonder why the OS didn't filter this one out.
Cancel
Vote Up 0 Vote Down

Cancel
0 FloSupport over 5 years ago in reply to JasP
Hi All,

Please reference the following Sophos Uncut article for more info: https://news.sophos.com/en-us/2020/04/26/asnarok/

Data exfiltration process

Note: This section describes our understanding of the data exfiltration capabilities of the malware at the time of publication of this article, but we have not discovered any evidence that the data collected had been successfully exfiltrated.
Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Jelle over 5 years ago

I reported to our data protection officer and added the notification from Sophos so he can get the details from there.

Regards, Jelle

Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel