Dark Header
Sam O'Connor
Posted 3 years ago

Typeform data breach. No Coconut accounts affected.

Following a data breach suffered by one of our suppliers called Typeform we suspect that some of our customers’ data has been leaked.

We have emailed everyone affected. If you didn’t receive an email from us then you were not affected by the breach, but if you have any questions please feel free to get in touch.

Your money is safe

Typeform is a company we use to gather marketing data only and there is no risk to money held in Coconut accounts as no account information has been affected.

How this unfolded

On Friday evening we identified that Typeform, an online survey tool that we use to gather information like feedback and marketing data suffered a serious data breach. We immediately got in touch with Typeform to understand whether our customers were impacted by this.

At 21:05 last night on Friday 29th June we received an email from Typeform telling us that some of the data that we’ve gathered through their service has been affected by this breach. We immediately kicked off an investigation into the impact of this and the risk to our customers.

I would like to personally apologise to those that were impacted and tell you the steps that we’re taking to address it.

What happened?

The breach happened on 27th June when Typeform’s engineers identified that a backup of data gathered on Typeform’s platform before 3rd May 2018 had been accessed by an unauthorised party. Typeform has assured us that they identified this quickly and took steps to address it as well as undertaking a full security review of their service to prevent any more data loss.

What data was lost?

I’m very sad to report that that the following data may have been breached:

  • Names (211 in total)
  • Email addresses (318 in total)

Our investigation and the steps we’re taking

We have been working to identify the customers who have been impacted, the data that may have been lost and the risk that this poses to you.

This is a very serious issue at Coconut as the security of your data is critical to me and the leadership team. Coconut never want to put your data at risk, so we have undertaken a full review of our processes and have taken the following steps:

  • We have removed all customer data from Typeform’s servers
    We have removed all data from Typeform’s servers and will be working with them to ensure there are no backups of your data still stored.
  • We are terminating our use of Typeform
    Coconut is in the process of removing Typeform from our operation as a data gathering tool. Once this process is complete, we will not use Typeform again until they are able to satisfy us that they have addressed these issues.
  • We are notifying the ICO of this breach
    We’ll be informing the Information Commissioner’s Office about this data breach.

What do you need to do?

As Typeform has only been used to gather marketing data, if you have a Coconut account there is no risk to your money, as account details are all stored on Coconut servers and these have not been impacted.

However, as email addresses were leaked it’s possible that you may see an increase in spam if you are one of those affected. It’s important to be vigilant when opening emails and attachments especially when they are sent from unknown sources.

Please get in touch if you have any questions

I take my personal responsibility to protect your data very seriously. We are using this as a learning opportunity to minimise the risk of something like this happening in the future. We are working to make sure the impact of this is limited and that we keep you informed of any developments.

You can read Typeform’s response to this breach on their site here.

Share this article