Vanta Data Breach: Customer Data Exposed

Vanta Data Exposure Incident Confirmed

Vanta, a compliance-focused organization, has acknowledged a security incident resulting in the unintentional disclosure of customer data. The company has stated that this exposure occurred due to a software modification and was not the result of unauthorized access.

Details of the Data Exposure

The issue was first detected on May 26th, with full resolution anticipated by June 4th. According to a statement from Vanta’s Chief Product Officer, Jeremy Epling, the incident impacted data from less than 20% of their third-party integrations.

Specifically, fewer than 4% of Vanta’s customer base were directly affected by this event, and all impacted parties have been informed. Considering Vanta serves over 10,000 customers, this suggests that hundreds of organizations may have experienced data exposure.

Nature of the Exposed Data

One affected customer reported to TechCrunch that the data breach involved the inadvertent transfer of employee account information. This included data being pulled into their Vanta instance, and conversely, data from their instance being sent to other customers.

The notification from Vanta indicated that the exposed data typically encompasses details such as employee names, job titles, and configuration settings for certain tools. This may also include information regarding the implementation of multi-factor authentication.

Vanta’s Response and Further Information

When questioned by TechCrunch, Vanta’s spokesperson, Erin Cheng, declined to specify the types of customer data involved or whether any internal Vanta employee data was compromised.

Company Background

Established in 2018, Vanta has successfully secured over $350 million in funding. This includes a recent $150 million Series C funding round completed in July 2024, demonstrating significant investor confidence.

Here's a summary of the key points: