Typeform Survey Data Breach

Posted on by

We received a message that Typeform had a data breach, which affected one or more of the surveys that we published. Typeform reports that an external attacker managed to get unauthorized access to a partial backup of respondent data and downloaded it.

The two forms affected were our Tech Survey and this year’s Conference speaker submissions.

The good news is that Typeform responded immediately and fixed the source of the breach to prevent any further intrusion. The bad news is that any information submitted in the forms could have been leaked – this includes mandatory responses like including name, email address and optional responses such as gender, ethnicity, age bracket, phone number etc.

What are you doing so this doesn’t happen again?

We will no longer be using Typeform as a platform for collecting responses that contain sensitive data, and instead be using Google Forms or Survey Monkey. Whilst no provider can guarantee that there won’t be a data breach, we feel that we can’t comfortably continue using the Typeform platform.

How widespread was the breach?

Many organisations use Typeform including Apple, Uber, Airbnb, and Nike. Affected in this breach (so far) are companies including Monzo (20,000 users), Crowdcube, Starling Bank, Post*Shift, the Tasmanian Electoral Commission … so we are by no means the only organisation affected.

What are you doing right now?

We have sent out emails to all affected individuals and released this statement on our website. As gender and ethnicity data were part of the data collected in the Tech Survey form, we will shortly also be notifying the ICO of the breach.

Would exercising my GDPR right to be forgotten have helped me?

No. Information from a third party’s backup was stolen, so whilst we wouldn’t still have your data, the backup would have contained it. And what’s more – we would no longer have your details to contact you about it!

What should I do now?

We recommend that you watch out for potential phishing scams, or spam emails, so be extra careful to only open messages that come from people or companies you know and trust.

Further information from Typeform can be found at https://www.typeform.com/data-breach-june-2018/

If you have any other questions, please don’t hesitate to contact us . We’re sincerely sorry for any inconvenience this causes.