July 5, 2018
Typeform, a Spanish SaaS firm that concentrates on online surveys and forms, has declared it has faced a data break in which a hacker gained access to a standby file. The break happened on May 3, 2018 and was found six weeks later on June 27, 2018. Typeform has verified that a standby file was downloaded by the attacker.
Typeform described in a statement that the standby file only included ‘incomplete information,’ and all affected clients are being informed separately.
It is uncertain what constitutes ‘incomplete information’, even though some firms that use the Barcelona company have provided more information on the break. The British store Fortnum & Mason has begun informing its customs regarding the break, describing that “about 23,000 of our data entries have been affected.” Its situation, survey replies together with electronic mail addresses, social handles, postal addresses, and a restricted number of contacts have been disclosed.
Thriva, the Tasmanian Electoral Commission, Birdseye, Ocean Protocol, HackUPC, and payment provider Monzo have all verified that they have been impacted by the break. Monzo has said about 20,000 of its clients have been impacted by the break.
In most situations the disclosed information was restricted to electronic mail addresses and demographic information, even though the Tasmanian Electoral Commission said that people who listed for an ‘express vote’ in the latest general elections have had their company name, date of birth, and salary range undermined in addition to names, email addresses, addresses, and openly available information.
Typeform said it has recognized the origin of the break and is taking important measures to safeguard its files and avoid upcoming data breaks from happening. Access to the backup files was gained via the abuse of a weakness, which has now been tackled.
Although the kinds of data undermined differ for each client, Typeform said payment data collected via its Stripe integration remains safe.