No Curve customer data has been compromised as a result of the Typeform data breach

Last night, at 21:41, Typeform, a company we use from time to time to collect survey results, notified us that they suffered a data breach. The good news is that no Curve customer data has been compromised as part of this breach. Typeform responded immediately and fixed the source of the breach to prevent any further intrusion.

We take Data Security and Data Privacy very seriously and immediately began investigating the breach to understand exactly what data had been compromised. We never collect any financial data outside the Curve app and do not store any financial data outside of Curve’s secure systems, so we were immediately confident that no Curve card details or underlying payment card details were compromised. After concluding our investigation, we have also been able to confirm that no other Curve customer data was compromised such as names or email address details.

What happened?

  • Typeform identified a breach at 14:00 CET on the 27th of June and remedied the apparent cause of the breach at 14:30 CET on the same day - the 27th of June

  • Typeform have performed a full forensic investigation of the incident and are certain that this cannot happen again

  • Typeform informed Curve regarding the data breach at 21:41 BST on the 29th of June and we immediately reported this to our Data Protection Officer and began our investigation

  • Curve concluded its investigation at 11:30 BST on the 30th of June and concluded that no customer data was compromised, however some names of individuals who have interviewed for positions at Curve may have been compromised. We will communicate this information to these individuals on Monday the 2nd of July

What Typeform data was breached?

  • A partial backup of results dated the 3rd of May, 2018 was downloaded from Typeform’s servers

  • Results collected since the 3rd of May, 2018 were not compromised

How does Curve use Typeform?

  • Our Product and Marketing Team utilise Typeform for occasional customer research. The vast majority of surveys are anonymous. None of the surveys which collected names or email addresses were compromised

  • Our Customer Experience Team uses Typeform for recruitment tasks for potential employees

How did the data breach impact Curve and its customers?

  • 2 Anonymous customer surveys - 1180 respondents were affected

  • 2 Interview assignments - less than 50 respondents were affected

Will we work with Typeform in the future?

We will review Typeform's response to the situation and their increased security measures and will decide in the coming days. Rest assured that we will not use them until we are satisfied they have put the right security measures in place.

For further information on how we protect your data, please see our Privacy Policy - https://www.imaginecurve.com/privacy-policy.

Rachel Adelman

Customer Experience Team Lead @Curve

See more posts from Rachel Adelman