Vanta is a comprehensive trust management platform that was launched in 2018. Most recently, it disclosed a data exposure incident which affected fewer than 4% of its consumers. The company has now raised more than $350 million and in its most recent round held a valuation of $2.45 billion. On May 26, it came out and admitted fault. The firm’s remediation plan should be finished by June 4.
Vanta is a San Francisco-based automation platform helping corporate clients get security and compliance processes up to scale. The recent bug allegedly resulted in the sensitive private data of some customers being exposed to other Vanta customers. According to Vanta’s chief product officer, Jeremy Epling, the exposure involved “a subset of data from fewer than 20% of our third-party integrations being exposed to other Vanta customers.”
All impacted customers have been informed of the experience. In a notice sent to one impacted customer, Vanta explained that “employee account data was erroneously pulled into your Vanta instance, as well as out of your Vanta instance into other customers’ instances.” The company detailed that the exposed information “generally includes employee names, roles, and information about configurations of some tools, such as the use of multi-factor authentication.”
Vanta’s most recent funding round, a Series C completed in July 2024, raised $150 million and solidified the company’s position in the market. It’s why businesses have begun adopting the platform en masse to simplify their compliance workflows and business security practices. It ensures them align with industry standards and best practices while safeguarding sensitive information.
As Vanta continues to navigate this remediation process, it is important to remember that the company is dedicated to upholding customer trust and further strengthening its security protocols. Christina Cacioppo, a spokesperson for Vanta, touted the company’s commitment to transparency and security in response to this incident.
