Budget hotel chain, UK political party, Monzo Bank, Patreon caught in Typeform database hack

All insist financial data is safe – but not names nor emails


More entities affected by the computer security breach at web form and survey company Typeform have come forward, including budget hotel chain Travelodge and UK political party the Liberal Democrats.

The survey-as-a-service biz discovered on 27 June that an intruder had accessed files from a "partial backup" dated 3 May containing what it termed as "partial information".

The third-party supplier has contacted its customers, which include the Electoral Commission for the State of Tasmania and Fortnum & Mason among many others, to detail the specific impact on them.

An email sent to Travelodge customers – seen by The Register – stated it has been "working very closely with Typeform to establish the facts", and claimed customers' accounts, bookings, passwords and payment details were not affected by the breach.

"However, Typeform believe that your first name, date of birth, mobile number, email address have been acquired by an unauthorised third party," the letter from Travelodge stated.

"While we have not been made aware of any fraudulent use to date, it is possible that you could receive unwanted contact and your details may be used to find out more about you," it added. "You should therefore remain vigilant for any unusual activity."

The hotel chain confirmed it has contacted the Information Commissioner's Office, as have the Lib Dems, which also wrote to its supporters confirming its Member Experience Survey had been exposed.

"This survey contained your name and email address, so please watch out for potential phishing scams or spam emails. This survey also contained information about your political opinions, such as the campaigns and policy areas most important to you," the note stated.

A spokeswoman at Travelodge sent us a statement: "We sincerely regret any inconvenience this incident may cause."

No financial or other sorts of data were compromised, the hotel chain assured cusotmers. The Lib Dems said that Typeform had "responded immediately and fixed the source of the breach," but added:

We are in communication with Typerform and will be re-evaluating our relationship with them in light of this incident. We take the security of our data seriously and if we are not satisfied that sufficient steps have been taken to secure your data, we will terminate our relationship with Typeform.

Startup bank Monzo, which was caught up in the Ticketmaster hack, has also warned its customers. Again, it has assured customers that all is well.

"Our initial investigations suggest that some personal data of about 20,000 people is likely to have been included in the breach," the bank wrote. "For the vast majority of people, this was just their email address. For a much smaller proportion of others, this may have included other data like their Twitter username or postcode."

Monzo has also stated that "no one’s bank details have been affected, and your money and account are safe."

We've also learned that subscription content platform Patreon used Typeform and has warned users their names and email addresses may have been compromised. ®


Other stories you might like

  • Uncle Sam to clip wings of Pegasus-like spyware – sorry, 'intrusion software' – with proposed export controls

    Surveillance tech faces trade limits as America syncs policy with treaty obligations

    More than six years after proposing export restrictions on "intrusion software," the US Commerce Department's Bureau of Industry and Security (BIS) has formulated a rule that it believes balances the latitude required to investigate cyber threats with the need to limit dangerous code.

    The BIS on Wednesday announced an interim final rule that defines when an export license will be required to distribute what is basically commercial spyware, in order to align US policy with the 1996 Wassenaar Arrangement, an international arms control regime.

    The rule [PDF] – which spans 65 pages – aims to prevent the distribution of surveillance tools, like NSO Group's Pegasus, to countries subject to arms controls, like China and Russia, while allowing legitimate security research and transactions to continue. Made available for public comment over the next 45 days, the rule is scheduled to be finalized in 90 days.

    Continue reading
  • Global IT spending to hit $4.5 trillion in 2022, says Gartner

    The future's bright, and expensive

    Corporate technology soothsayer Gartner is forecasting worldwide IT spending will hit $4.5tr in 2022, up 5.5 per cent from 2021.

    The strongest growth is set to come from enterprise software, which the analyst firm expects to increase by 11.5 per cent in 2022 to reach a global spending level of £670bn. Growth has fallen slightly, though. In 2021 it was 13.6 per cent for this market segment. The increase was driven by infrastructure software spending, which outpaced application software spending.

    The largest chunk of IT spending is set to remain communication services, which will reach £1.48tr next year, after modest growth of 2.1 per cent. The next largest category is IT services, which is set to grow by 8.9 per cent to reach $1.29tr over the next year, according to the analysts.

    Continue reading
  • Memory maker Micron moots $150bn mega manufacturing moneybag

    AI and 5G to fuel demand for new plants and R&D

    Chip giant Micron has announced a $150bn global investment plan designed to support manufacturing and research over the next decade.

    The memory maker said it would include expansion of its fabrication facilities to help meet demand.

    As well as chip shortages due to COVID-19 disruption, the $21bn-revenue company said it wanted to take advantage of the fact memory and storage accounts for around 30 per cent of the global semiconductor industry today.

    Continue reading

Biting the hand that feeds IT © 1998–2021