Surveys-as-a-service outfit Typeform spilled a backup from May
Casualties include posh food store Fortnum & Mason, Australian voter data
Spanish Web form and survey company Typeform has announced a data breach in June, affecting data dated May, after someone gained access to one of the company's backup files.
The company said the intruder accessed files “from a partial backup dated May 3rd, 2018”, and said it will contact all affected customers. “We identified the breach at 14:00 CET on June 27th, and remedied the apparent cause of the breach at 14:30 CET on June 27th”, the company said.
We’ve had a data breach. If you were affected, you will have received an email from us. Click here to learn more: https://t.co/dFVhn1nAht— Typeform (@typeform) June 29, 2018
We’re here to support you ❤️
The company has not identified what it called “partial information”, but affected customers have detailed the extent of the issue.
British high-end nosh outlet Fortnum & Mason wrote to customers saying "Approximately 23,000 of our data entries have been affected" with "email addresses, survey/vote responses and for a smaller number of contacts, postal address and social handles" exposed.
The store added "All other personal information and/or purchase information is safe and protected. We can assure you that no bank or payment details have been involved, and your money and accounts are safe."
In Australia, the Electoral Commission for State of Tasmania was impacted. In this media release the Commission warned voters that if they had applied for an express vote in the state's March election, their “name, address, email and date of birth information” was potentially breached. The commission says it used Typeform to host five forms used by citizens.
“The Electoral Commission will be contacting electors that used these services in the coming days to inform them of the breach”, the statement continued.
Clients of other customers might have less – or more – exposure, depending on the information gathered using Typeform.
The service says its customers' payment details were not compromised, client passwords were not exposed, and all data collected since May 3rd, 2018, is safe.
End-user payment information is another matter. Typeform said that payment data is safe “If you [that is, the Typeform customer – El Reg] collected payments via our Stripe integration”. It doesn't mention what might happen if a customer stored data like credit card info in a form. ®