Vanta Confirms Critical Data Exposure: Private Customer Details Leaked to Other Users Due to Code Bug

Vanta, a prominent player in the compliance automation sector, has officially confirmed a significant security incident.

SAN FRANCISCO, CA, UNITED STATES, June 3, 2025 /EINPresswire.com/ -- Vanta, a prominent player in the compliance automation sector, has officially confirmed a significant security incident involving a software bug that exposed private customer data to other Vanta customers. The breach, attributed to a recent product code change, has reportedly affected hundreds of its clients, raising serious questions about the security practices of a company entrusted with sensitive corporate information.

According to details emerging and Vanta's own admissions, the issue was first identified internally on May 26, with remediation efforts projected to be completed by June 4. As of today, the incident is considered active.

Key Facts Uncovered:

- Nature of Exposure: Sensitive employee data, account configurations, multi-factor authentication (MFA) usage, and tool configuration details were "erroneously pulled into" other Vanta customer instances, and vice-versa.

- Customer Impact: While Vanta claims "fewer than 4% of customers" were affected, this still translates to an estimated "hundreds" of organizations whose data integrity has been compromised.

- Data Scope: The exposure impacted "fewer than 20%" of Vanta's third-party integrations.

- Cause: Vanta attributes the leak to a "Code Bug" resulting from a "Product change," explicitly stating it was "Not an intrusion" by external actors.

In an official statement, Vanta's Chief Product Officer, Jeremy Epling, acknowledged the breach: "A subset of data from fewer than 20% of our third-party integrations being exposed to other Vanta customers. Fewer than 4% of Vanta customers were affected, and have all been notified."

The company has begun notifying affected customers, informing them that "employee account data was erroneously pulled into your Vanta instance, as well as out of your Vanta instance into other customers' instances."

This incident casts a harsh spotlight on the inherent risks associated with centralized compliance platforms, especially when internal changes can lead to such widespread data cross-contamination. For a company whose core business is helping others manage security and compliance, this event is a stark reminder of the vulnerabilities that can exist even within purported expert systems.

The news was initially brought to light through investigative reporting by Zack Whittaker at TechCrunch on June 2, 2025. Comp AI are on scene to help get companies out of this mess.

As businesses increasingly rely on third-party vendors for critical compliance functions, this Vanta data leak underscores the importance of scrutinizing the security measures and transparency of such providers. Organizations may now be prompted to explore modern alternatives in the compliance space that offer more robust, transparent, and potentially community-vetted security architectures. The incident highlights the need for continuous monitoring and automated systems that can rapidly detect and mitigate such internal errors before they escalate.

Vanta, founded in 2018 and backed by over $350 million in funding, serves over 10,000 customers, making the potential fallout from this data exposure significant.

VantaDataLeak will continue to monitor this developing story and provide updates as more information becomes available.

Lewis Carhart
VantaDataLeak
email us here
Visit us on social media:
LinkedIn
X