Vanta, a leader in compliance automation, has acknowledged a software bug that inadvertently exposed some customer data to other users of its platform. According to a statement provided to TechCrunch, the exposure arose from a modification in product code rather than any external breach or intrusion.

## Identification and Response

The company, which specializes in streamlining security and compliance for businesses, discovered the issue on May 26. Vanta has assured stakeholders that remediation will be complete by June 4.

## Scope of the Incident

Jeremy Epling, Vanta's Chief Product Officer, stated that the data exposure impacted less than 20% of the company's third-party integrations and affected under 4% of its customers. Given that Vanta serves over 10,000 customers, the incident potentially affects several hundred of them.

A customer impacted by the data exposure incident shared with TechCrunch that Vanta informed them about the erroneous sharing of employee account details. These details were mistakenly included in their Vanta instance, as well as disseminated into other customers’ instances. The data typically consists of employee names, roles, and configurations related to security tools like multi-factor authentication.

## Company Communication

When queried by TechCrunch, Erin Cheng, a Vanta spokesperson, declined to specify the types of data involved or to say whether data pertaining to Vanta employees was compromised.

## Company Background

Established in 2018, Vanta has successfully secured over $350 million in funding, with its most recent Series C round raising $150 million in July 2024.