Sophos will continue to update this list as required.

Q: What is the issue?

Information from a small subset of customers who have contacted Sophos support was exposed due to an access permission issue.

Q: Is the issue corrected?

Yes, the access permission issue has been corrected and data is no longer exposed.

Q: What information was exposed?

  1. First name
  2. Last name
  3. Email address
  4. Phone number (if provided)

Q: Has Sophos advised impacted individuals?

Yes, Sophos has advised the impacted individuals.

Q: Are individuals expected to take any action?

There is no action that an impacted individual needs to take at this time.

Q: Were my details exposed?

If you personally received an email, your data was exposed. If you did not receive an email, your data was not exposed.

Q: How many records were exposed?

It is a small subset of the Sophos customer base.

Q: Can you send me the list of impacted individuals, or a list of employees in my company who were impacted?

No, we can not distribute a list of impacted individuals.

Q: Where can I find Sophos Group Privacy Policy?

Customers can read the privacy policy at

Q: What was the email content sent to impacted customers?

Email Subject: Potential exposure of your contact information