More entities affected by the computer security breach at web form and survey company Typeform have come forward, including budget hotel chain Travelodge and UK political party the Liberal Democrats.
The survey-as-a-service biz discovered on 27 June that an intruder had accessed files from a "partial backup" dated 3 May containing what it termed as "partial information".
The third-party supplier has contacted its customers, which include the Electoral Commission for the State of Tasmania and Fortnum & Mason among many others, to detail the specific impact on them.
An email sent to Travelodge customers – seen by The Register – stated it has been "working very closely with Typeform to establish the facts", and claimed customers' accounts, bookings, passwords and payment details were not affected by the breach.
"However, Typeform believe that your first name, date of birth, mobile number, email address have been acquired by an unauthorised third party," the letter from Travelodge stated.
"While we have not been made aware of any fraudulent use to date, it is possible that you could receive unwanted contact and your details may be used to find out more about you," it added. "You should therefore remain vigilant for any unusual activity."
The hotel chain confirmed it has contacted the Information Commissioner's Office, as have the Lib Dems, which also wrote to its supporters confirming its Member Experience Survey had been exposed.
"This survey contained your name and email address, so please watch out for potential phishing scams or spam emails. This survey also contained information about your political opinions, such as the campaigns and policy areas most important to you," the note stated.
A spokeswoman at Travelodge sent us a statement: "We sincerely regret any inconvenience this incident may cause."
No financial or other sorts of data were compromised, the hotel chain assured cusotmers. The Lib Dems said that Typeform had "responded immediately and fixed the source of the breach," but added:
We are in communication with Typerform and will be re-evaluating our relationship with them in light of this incident. We take the security of our data seriously and if we are not satisfied that sufficient steps have been taken to secure your data, we will terminate our relationship with Typeform.
Startup bank Monzo, which was caught up in the Ticketmaster hack, has also warned its customers. Again, it has assured customers that all is well.
"Our initial investigations suggest that some personal data of about 20,000 people is likely to have been included in the breach," the bank wrote. "For the vast majority of people, this was just their email address. For a much smaller proportion of others, this may have included other data like their Twitter username or postcode."
Monzo has also stated that "no one’s bank details have been affected, and your money and account are safe."
We've also learned that subscription content platform Patreon used Typeform and has warned users their names and email addresses may have been compromised. ®