Typeform, the popular Spanish-based online data collection company that specializes in online forms and surveys, announced on Friday that the company has suffered a data breach that resulted in the exposure of some of its user’s data.

The notice posted on the company’s website states that Typeform identified the breach on June 27 and addressed its cause around half an hour after a forensic investigation of the incident. According to the company, an unauthorized hacker managed to gain access to its servers and downloaded a partial data backup for surveys conducted before May 3, 2018.

The compromised file contains the names, email addresses, and other pieces of data submitted by users through Typeform forms.

The company did not disclose any details regarding the vulnerability that was exploited by hackers to gain access to its servers, but it assured its users that no payment details or password information was compromised as a result of this breach.

UK-based digital mobile-only bank, Monzo, used Typeform’s service to collect survey results in the past and is one of the impacted organizations of this breach. Monzo claims that roughly 20,000 individuals are likely to have been included in this breach.

The company claims the majority of individuals only had their email address exposed, however, in a small number of cases, data such as postcode, the name of the old bank, Twitter username, university, city, age, salary range and employer was also compromised. Monzo has since cut ties with Typeform following the incident, stating, “We’re also ending our contract with Typeform, at least until they can prove they’ve improved their security, and have deleted all customer data from their servers.

The Tasmanian Electoral Commission was also impacted by this breach, claiming that while some of the data that was stolen was already public, the attacker may have also compromised the names, addresses, email addresses and dates of birth submitted by electors when applying for an express vote at recent elections.

Typeform has assured customers that it has identified and addressed the source of the security incident, claiming to have conducted a comprehensive review of its system security and taking “significant measures” to prevent incidents like this for arising again in the future.

Ensuring systems are free of all known vulnerabilities is essential to protecting sensitive data from hackers or malicious insiders. The Center for Internet Security (CIS) is the industry standard in secure configuration guidance, developing comprehensive, consensus-derived checklists to help identify and mitigate known security vulnerabilities across a wide range of platforms. NNT is a fully accredited CIS Vendor with access to thousands of CIS Benchmark reports available to download to help your organization mitigate known vulnerabilities found in your IT environment.  

Every CIS Benchmark offers prescriptive guidance for establishing a secure configuration posture for your IT Infrastructure, including a detailed description and rationale of potential vulnerabilities together with clear auditing and remediation steps.

Click here to access these CIS resources

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
1175 Peachtree St NE
Atlanta, Georgia, 30361.
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified IBM Security
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.