Typeform, the popular Spain-based online data collection company that specializes in online forms and surveys, announced on Friday that it has suffered a data breach that exposed some of its users’ data.
The notice posted on the company’s website states that Typeform identified the breach on June 27 and addressed its cause around half an hour after a forensic investigation of the incident. According to the company, an unauthorized hacker managed to gain access to its servers and downloaded a partial data backup for surveys conducted before May 3, 2018.
The compromised file contains the names, email addresses, and other pieces of data submitted by users through Typeform forms.
The company did not disclose any details regarding the vulnerability that was exploited by hackers to gain access to its servers, but it assured its users that no payment details or password information was compromised as a result of this breach.
UK-based digital mobile-only bank Monzo used Typeform’s service to collect survey results in the past and is one of the organizations impacted by this breach. Monzo claims that roughly 20,000 individuals are likely to have been included in this breach.
The company claims the majority of individuals only had their email address exposed; however, in a small number of cases, data such as postcode, the name of the old bank, Twitter username, university, city, age, salary range and employer was also compromised. Monzo has since cut ties with Typeform following the incident, stating, “We’re also ending our contract with Typeform, at least until they can prove they’ve improved their security, and have deleted all customer data from their servers.”
The Tasmanian Electoral Commission was also impacted by this breach, claiming that while some of the data that was stolen was already public, the attacker may have also compromised the names, addresses, email addresses and dates of birth submitted by electors when applying for an express vote at recent elections.
Typeform has assured customers that it has identified and addressed the source of the security incident, claiming to have conducted a comprehensive review of its system security and taken “significant measures” to prevent incidents like this from arising again in the future.
Ensuring systems are free of all known vulnerabilities is essential to protecting sensitive data from hackers or malicious insiders. The Center for Internet Security (CIS) is the industry standard in secure configuration guidance, developing comprehensive, consensus-derived checklists to help identify and mitigate known security vulnerabilities across a wide range of platforms. NNT is a fully accredited CIS Vendor with access to thousands of CIS Benchmark reports available to download to help your organization mitigate known vulnerabilities found in your IT environment.
Every CIS Benchmark offers prescriptive guidance for establishing a secure configuration posture for your IT Infrastructure, including a detailed description and rationale of potential vulnerabilities together with clear auditing and remediation steps.