All Eyes on Vanta: A Peek Behind the (Buggy) Curtain

When companies choose a compliance vendor, they expect help with achieving certifications like SOC 2. They take for granted that the sensitive data they share – such as information about employees and security posture – will be kept confidential.

That’s no longer a safe assumption for Vanta customers, who’ve learned that the company recently exposed their data to the public.

Whoops.

What Went Wrong?

While the leak wasn’t caused by a third-party integration – the source of countless data breaches – it underscores how careful startups have to be when choosing a partner to tackle key compliance hurdles.

The data leak essentially exposed a portion of Vanta’s customer data to other customers.

TechCrunch’s Zack Whittaker writes of the leak:

One customer affected by the incident told TechCrunch that Vanta had notified them of the data exposure. The customer said Vanta told them that “employee account data was erroneously pulled into your Vanta instance, as well as out of your Vanta instance into other customers’ instances.”

This leaves Vanta customers hoping they won’t be included in any subsequent leaks as well as wondering if their exposed data was shared with competitors (a possible, even likely scenario).

An integration-based leak would’ve been almost easier to disclose, as companies are constantly relying on an interconnected web of products and services to deliver value. That this came from a standard product release suggests companies have good reason to look elsewhere when choosing a trustworthy compliance partner.

Leaked Data, Few Answers

Vanta has been tight-lipped about what kind of customer data it has leaked. Again, this should give current and would-be customers pause about the safety of its platform.

Cost-conscious startups choose companies like Vanta because they believe they can achieve a compliance outcome – not share their sensitive data with potential competitors. Data privacy is table stakes. At this rate, Vanta is losing its opportunity to stay at the table.
