Access Misconfiguration of Internal Legacy Customer Support Ticketing System


Sangoma has concluded a thorough investigation into a misconfiguration of an internal, long-unused customer support ticketing system historically used by Sangoma’s support and engineering departments to resolve IT and customer issues. As part of that investigation, we were obliged to comply with applicable legal requirements and procedures and have reported the incident to the appropriate legal authorities; we are now permitted to make this public.

While the investigation found no malicious use, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and holding ourselves accountable.

Our investigation has determined that a permission change made by the IT team to the two deprecated Jira projects on Nov 12, 2019 allowed public read-only exposure of the data. For specific search phrases, the contents of those Jira tickets were being offered as part of search engine results. Individuals would have been able to click on the search result and open the specific Jira ticket offered by the search engine.

We became aware of the issue on Dec 17, 2019 and, on the same day, Sangoma IT remediated the configuration to restrict the Jira access and prevent any further unauthorized access. This issue was specific to two internal deprecated Jira projects, INFRA and SIP, which have NOT been in use for a number of years and were only used for internal support cases by IT and Cloud Services support teams.

Our investigation confirmed that substantially all of the records did not contain any personal or CPNI information, in accordance with our standard practices. After reviewing the contents of all Sangoma INFRA and SIP tickets that were exposed to the internet and cross-referencing the tickets with the access logs, we determined that there were two cases of possible exposure. None of the data exposed was material and we informed our affected customers.

We are committed to the privacy and security of our customers and are taking action to prevent future occurrences of this issue. We have updated our procedures to make sure that such changes do not occur in the future: alerts will be triggered on configuration changes, along with scheduled periodic reviews of public-facing systems.

We want to sincerely apologize and reassure our customers that we are taking this incident seriously and working diligently to make sure that such mistakes do not happen again.

Sourced from: Sangoma.
