On Friday, June 29th afternoon, we were notified that Typeform, a company we use to collect survey results and shipping information for our customer care team, has suffered a data breach. No credit card or payment information has been compromised.
Typeform reports that an external attacker managed to get unauthorised access to respondent data and downloaded it. Typeform responded immediately and fixed the source of the breach to prevent any further intrusion.
How many people were affected?
The incident affected 4 of Kano’s surveys, and 1,907 people who responded to them. This breach has also affected a number of companies using Typeform, including companies like payment provider Monzo and the New York Public Radio network.
What information was affected?
Our investigation has shown that information provided by our customers, for example updating Kickstarter pledges preferences, or requests for replacement parts is likely to have been included in the data that was breached. In most cases this included full name, email address, shipping address and contact phone number.
The breach was limited to the information submitted in these surveys, and did not include any information relating to Kano accounts or any purchases made with us, which means passwords and payment details are safe.
Here are the surveys and the information affected:
|Survey breached||Number of Kano customers affected||Data Compromised|
|Computer Kit Complete Power Button Replacement||36||Full name, email address, shipping address, phone number|
|Christmas help requests||77||Full name, email address, phone number|
|Kickstarter Pledges||454||Full name, email address|
|Replacement parts||1,340||Full name, email address, shipping address|
How will this breach affect me?
If you’ve been affected by the breach you will have already received an email from Kano, advising on what data what compromised and steps you should take to stay secure. The Typeform breach does not pose a risk to any other Kano customers.
What has Kano done about this breach?
As soon as we were informed of the breach, we:
- Confirmed with Typeform that they have fixed the source of the breach.
- Investigated the incident, to confirm what data and customers were affected.
- Reported this incident to the Information Commissioner's Office.
- Informed all affected customers of the incident.
We will work with Typeform to ensure they increase their security measures to our satisfaction, or we will switch to a different survey provider.
We would like to apologize to you for this incident; even though we can’t guarantee that it won’t happen again, we will keep doing everything in our power to keep your data safe.
If you have any questions about the incident or Data Privacy at Kano, please get in touch at firstname.lastname@example.org.