Anyone else been notified about the TypeForm breach. Great email - it’s great to get notified, reassurance, and advice on the same day as the breach:
We were notified at 4.55pm this afternoon that Typeform, a company we’ve used to collect survey results in the past, has suffered a data breach.
Our initial investigations suggest that your email address is likely to have been included in the data.
We wanted to let you know as soon as possible and I want to personally apologise to you.
Is my Monzo account safe?
Yes. This data breach has not affected your Monzo account and your money is safe. This breach only affected the data you entered into the Typeform survey – it didn’t include any payment details or password information.
What should I do now?
You may see an increase in spam email, so be extra careful to only open messages that come from people or companies you know and trust.
You should also be vigilant for possible phishing scams, where someone sends you an email asking you to do something. Make sure you really know the sender and they’re not asking you to do anything unusual.
How did this happen?
It appears attackers found a weakness in Typeform’s security and managed to gain access to data backups for surveys conducted before May 3rd 2018. Those backups contained the responses to surveys. If we get more details, we’ll let you know as soon as possible.
What will Monzo do now?
Over the coming hours, we’ll be investigating this incident thoroughly and making sure we tell every affected customer as soon as possible. We will be reporting this incident to the Information Commissioner’s Office as soon as possible.
We’ll also be using this incident to learn for the future. We’re ending our contract with Typeform, at least until they can prove they have improved their security, and have deleted all customer data from their servers. In future, to reduce the chance of similar incidents, we’ll remove all survey data from any provider within two months of the survey.
Unfortunately, we can’t ever guarantee that something like this won’t happen, but we’re doing everything we can to protect your data.
I’m incredibly sorry this happened and will personally make sure we investigate it fully.
Well done Monzo