Data breach at Typeform

(Thomas K. Running) #1

Typeform, one of Nomad Gate’s sub-processors, notified me over the weekend that a backup of one of our signup/login forms had been compromised in a security breach. You can read their full announcement here.

The form in question is no longer in use, as I moved us over to using the community forum to handle user logins back in May. Only a small subset of Nomad Gate users are affected (fewer than 500), all of whom have received an email with more details. If you have not received an email from me, you were not affected.

The compromised backup contained the following information:

  • Email addresses
  • First names
  • IP addresses
  • Information about the time and which page you logged in or signed up from

Typeform was never used to handle or store more sensitive information, such as passwords or credit card details.

Since this was a breach of Typeform as a whole, not Nomad Gate specifically, it is unlikely that the hackers will ever even make the connection between your data and Nomad Gate. It nevertheless is a good idea to always be aware of the possibility of receiving phishing attempts after these kinds of incidents.

After learning about the incident this morning, I promptly reported it to the Danish Data Protection Agency, in accordance with the GDPR regulation.

Also, as a part of the GDPR preparations I did back in May, I systematically re-evaluated what data needed to be stored or processed by each of the sub-processors in use at the time. In fact, I established procedures for regularly deleting data that are no longer needed (such as Typeform responses), although this incident took place before that (on May 3rd). I even recently made the switch from Typeform & Upscribe to Paperform for most external signup/opt-in forms (such as the ones used below our Medium articles), in part since they have a feature that makes sure your data is never stored on their servers, but instead is sent directly to Nomad Gate.

If you wish to delete your Nomad Gate account and all associated data stored by Nomad Gate and its sub-processors, you can delete your account here.

If you have any questions, just reply below or send me a private message.

