We were notified at 10.19pm (BST) last night that Typeform, a third-party service provider we have used to collect survey results on the public version of our online diagnostic test, suffered a data breach affecting some of their customers, including us. After a thorough investigation, we believe that the email addresses and survey data submitted by around 230 public Diagnostic Test users may have been affected. We have contacted each of the users affected with a detailed explanation and apology, and have recommended that they look out for any potential phishing scams, or spam emails. If you have not received such an email from us, your data was not affected. Typeform told us that an attacker gained access to one of their data backups for surveys conducted before May 3rd 2018. Those backups contained the data mentioned above. Typeform have also said that their security weakness was fixed within 30 minutes of discovery. Please note that only the public-facing Diagnostic Test, accessible from our website, was impacted by Typeform’s breach. Our more extensive private Diagnostic Test, and any data contained in private versions used by our clients, was not accessed. However, to be on the safe side, we have decided to end our relationship with Typeform and we will also notify the Information Commissioner’s Office of this breach as soon as possible. Meanwhile, we would like to sincerely apologise again for this issue and any inconvenience caused. If you have any questions, please get in touch with us on info [at] postshift.wpengine.com (our offices are closed over the weekend, but we will respond as soon as we can).
Typeform breach affecting our public diagnostic survey
