Sophos Firewall

Discussions KBA 135412 - GDPR

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 30 subscribers
Views 1555 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

KBA 135412 - GDPR

JohnSmithers over 5 years ago

Hi,

Is anyone else reporting this to the authorities under GDPR as a data breach?

Just wondering what next steps for others are.

Thanks

This thread was automatically locked due to age.

0 JasP over 5 years ago

It should be reported by Sophos themselves (although others can also report it).

To be fair, aside from the vulnerability itself, the seem to have handled it well so far. What the report doesn't have details of, is what the SQL injection vulnerability was. SQL injections are a known issue so I wonder why the OS didn't filter this one out.
Cancel
Vote Up 0 Vote Down

Cancel
0 FloSupport over 5 years ago in reply to JasP
Hi All,

Please reference the following Sophos Uncut article for more info: https://news.sophos.com/en-us/2020/04/26/asnarok/

Data exfiltration process

Note: This section describes our understanding of the data exfiltration capabilities of the malware at the time of publication of this article, but we have not discovered any evidence that the data collected had been successfully exfiltrated.
Cancel
Vote Up 0 Vote Down

Cancel
0 Jelle over 5 years ago

I reported to our data protection officer and added the notification from Sophos so he can get the details from there.
Cancel
Vote Up 0 Vote Down

Cancel