Vanta Security Flaw Leaked Customer Data Internally

Vanta Bug Exposed Customer Data to Other Clients

Compliance software company Vanta has confirmed a software bug exposed private customer data to other Vanta clients. The company told TechCrunch the incident was not the result of a cyberattack but stemmed from a product code change.

Vanta, which helps businesses automate security and compliance workflows, said it discovered the issue on May 26 and expects to complete remediation by June 4.

According to Jeremy Epling, Vanta’s Chief Product Officer, the bug led to the exposure of a subset of data from fewer than 20% of third-party integrations. Less than 4% of Vanta’s more than 10,000 customers were affected, and all impacted clients have been notified.

One affected customer told TechCrunch that Vanta informed them of data being mistakenly pulled into and out of their Vanta instance, potentially including employee names, roles, and configuration data such as multi-factor authentication settings.

Vanta declined to specify which customers were affected or whether employee data from Vanta itself was involved.

Founded in 2018, Vanta has raised over $350 million, including $150 million in a Series C round in July 2024.
