• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Audio, IT Infrastructure, Network Security, News

Sennheiser Responds After Customer Data from 2018 Was Exposed Online

Audio equipment maker is working to investigate how some customer data was found exposed on the internet two months ago.

December 21, 2021 TD Staff Leave a Comment

health data breaches

Wedemark, Germany-based audio giant Sennheiser is working “intensively” to investigate how some customer data was exposed on the internet two months ago, the company says in a newly updated statement.

In a notice on its website, Sennheiser acknowledges being notified in October that some company data was displayed on the web. The company says it took immediate action to close the security gap.

According to the company, a cloud folder used for a temporary backup left some customer contact information exposed to the web.

At that time, the company says, it had been under the impression that no personal data was involved. However, the company has since learned that contact information was included.

Sennheiser’s Response

The statement reads, in part, as follows:

To our great regret, however, we learned in the meantime that contact information for some of our customers was accessible on the Internet in a cloud folder that was used for temporary data backup. This contact information (first and last name, address, and e-mail addresses as well as telephone numbers) was originally provided to register for our newsletter and for participation in online competitions.

At the end of last week, we therefore immediately complied with our duty to inform the data security authority of the state of Lower Saxony.

Although as of today we have no indication that the data from the cloud folder was accessed by third parties, we are working hard to reconstruct all details of the incident and notify potentially affected customers as soon as possible.

The statement is in response to a report from cybersecurity researchers with vpnMentor that states the data is from a cloud account dormant since 2018. It contained the contact data of over 28,000 customers.

vpnMentor says the issue was a misconfigured AWS S3 bucket, leading to more than 407,000 files and 55GB of data being exposed online. However, there is no evidence that the data was accessed or leaked, researchers say, as only the bucket’s owners know.

The vpnMentor research team discovered Sennheiser’s data vulnerability as part of a huge web-mapping project. Researchers use large-scale web scanners to search for unsecured data stores containing information that shouldn’t be exposed. They then examine each data store for any data being leaked.

Sennheiser was notified of the issue on Oct. 28 and closed the security gap on Nov. 1, according to vpnMentor.

The Data Exposed

As noted, some of the data exposed included full names, email addresses, phone numbers and home addresses. Other vulnerable information included names of companies requesting samples and number of employees of requesting companies.

According to the security researchers, the S3 bucket also contained a 4GB database backup, but it was protected.

The data was of customers and suppliers around the globe, but the majority of those exposed are based in North America and Europe, researchers say.

While the data itself will likely not lead to widespread cyberattacks or identity theft, hackers can use that data and piece it together with other available information to build a victim profile. That then can be leveraged in complex phishing campaigns designed to trick victims into providing more sensitive information, such as social security numbers, bank account details and more.

This article originally appeared on our sister site Commercial Integrator. It has been updated to reflect changes in the company’s statement.

Tagged With: Cybersecurity, Data Breach, Sennheiser

Related Content:

  • Owl Labs Bar Owl Labs Releases Owl Bar to Pair With…
  • ChatGPT, OpenAI, Artificial Intelligence, AI development Pump the Brakes on AI Development, Tech and…
  • Barracuda networks ransomware, cyberinurance Ransomware Actors May Be Targeting Organizations With Cyber…
  • Bitwarden Secrets manager Bitwarden Releases Beta of Secrets Manager for DevOps…

Free downloadable guide you may like:

  • Four IT Trends That Will Define 2023Expert Series: Four IT Trends That Will Define 2023

    Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations emerging from each.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Four IT Trends That Will Define 2023
Expert Series: Four IT Trends That Will Define 2023

Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations ...

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.