Typeform, the popular Spanish-based online data collection company that specializes in online forms and surveys, announced on Friday that the company has suffered a data breach that resulted in the exposure of some of its user’s data.

The notice posted on the company’s website states that Typeform identified the breach on June 27 and addressed its cause around half an hour after a forensic investigation of the incident. According to the company, an unauthorized hacker managed to gain access to its servers and downloaded a partial data backup for surveys conducted before May 3, 2018.

The compromised file contains the names, email addresses, and other pieces of data submitted by users through Typeform forms.

The company did not disclose any details regarding the vulnerability that was exploited by hackers to gain access to its servers, but it assured its users that no payment details or password information was compromised as a result of this breach.

UK-based digital mobile-only bank, Monzo, used Typeform’s service to collect survey results in the past and is one of the impacted organizations of this breach. Monzo claims that roughly 20,000 individuals are likely to have been included in this breach.

The company claims the majority of individuals only had their email address exposed, however, in a small number of cases, data such as postcode, the name of the old bank, Twitter username, university, city, age, salary range and employer was also compromised. Monzo has since cut ties with Typeform following the incident, stating, “We’re also ending our contract with Typeform, at least until they can prove they’ve improved their security, and have deleted all customer data from their servers.

The Tasmanian Electoral Commission was also impacted by this breach, claiming that while some of the data that was stolen was already public, the attacker may have also compromised the names, addresses, email addresses and dates of birth submitted by electors when applying for an express vote at recent elections.

Typeform has assured customers that it has identified and addressed the source of the security incident, claiming to have conducted a comprehensive review of its system security and taking “significant measures” to prevent incidents like this for arising again in the future.

Ensuring systems are free of all known vulnerabilities is essential to protecting sensitive data from hackers or malicious insiders. The Center for Internet Security (CIS) is the industry standard in secure configuration guidance, developing comprehensive, consensus-derived checklists to help identify and mitigate known security vulnerabilities across a wide range of platforms. NNT is a fully accredited CIS Vendor with access to thousands of CIS Benchmark reports available to download to help your organization mitigate known vulnerabilities found in your IT environment.  

Every CIS Benchmark offers prescriptive guidance for establishing a secure configuration posture for your IT Infrastructure, including a detailed description and rationale of potential vulnerabilities together with clear auditing and remediation steps.

Click here to access these CIS resources

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.