Vanta Data Exposure: Bug Impacts Customer Data Security

Vanta Data Exposure Impacts Customer Information

A recent software bug in Vanta's compliance platform resulted in a data exposure incident, impacting a small percentage of its customers. The company confirmed the issue stemmed from a product code change, not a security intrusion.

Limited Impact, Remediation Underway

Vanta, a company specializing in automated security and compliance solutions, discovered the bug on May 26th and expects full remediation by June 4th. The incident exposed a subset of data from less than 20% of their third-party integrations to other Vanta customers. Fewer than 4% of Vanta's over 10,000 customers were affected, and all have been notified.

Nature of Exposed Data

While the specific types of data exposed remain undisclosed, one affected customer reported that Vanta's notification mentioned "employee account data" being erroneously shared. This data reportedly includes employee names, roles, and configuration details for certain tools, such as multi-factor authentication usage.

Vanta has not publicly confirmed the specific data types involved or whether any Vanta employee data was exposed.

About Vanta

Founded in 2018, Vanta has raised over $350 million in funding, including a $150 million Series C round in July 2024. The company helps businesses automate their security and compliance processes.

For more information about Vanta, visit their website: Vanta.