Sophos has issued a security notification to channel partners, explaining why the security company took its partner portal offline last week and reset all portal user passwords. The reason: Sophos discovered suspicious activity on April 3, issued an initial alert on April 5, and offered a more comprehensive partner update on April 6. Here’s the blow-by-blow.

The chatter started on April 5, when Sophos stated:

Sophos explained some precautionary steps and an in-depth security audit to help determine if any damage had been done. The company “assumed the worst” during the audit and rest partner passwords as a precautionary step.

By Friday, April 6, Sophos disclosed that no financial information was stolen from this database. At the time, the company was still performing a forensic offline analysis to gain “a complete understanding of the attack.”

Predictably, hackers sometimes attack security companies in pursuit of fame or back-door fortune into additional IT systems. Ironically, the Sophos alert to partners arrived around the same time that Sophos announced a new global channel chief.