The privacy and security of our users’ data is a top company priority. Our team takes significant measures to safeguard user data. We follow best practices in process and control and in the choice and architecture of our solutions, undertake regular 3rd party audits and commit to a stringent privacy policy in line with GDPR.
You can learn more about our security and privacy practices here.
Following a security incident in May 2020 we have undertaken forensic investigations on the incident itself and confirmed that the incident was isolated to a specific legacy system. We have also undertaken external security reviews of the entire solution to confirm that there are no further risks and built onto our existing processes to guard against such incidents in future. You can find our incident announcement below.
Updated 2nd July 2020
On the 15th of May 2020 we became aware that some user data was compromised through unauthorised access to one of our systems. We immediately launched an investigation into the incident and we are taking appropriate steps to prevent any such incidents in the future. We want to be as transparent as possible without compromising our security systems or the steps we’re taking, so we are sharing below what happened and what actions have been taken.
What happened
On Friday the 15th of May 2020, we became aware of information about a security incident on our platform. Our team immediately started investigating in order to determine the origin and nature of this incident.
Data belonging to approximately 90,000 users was compromised by a 3rd party who gained unauthorized access to a legacy system before it was decommissioned in early January. This system related to the now-retired Covve web app. We have determined that contact data such as name and contact details were accessed, that the data cannot be directly associated with specific users and no user passwords were compromised.
Actions we have taken until now
Together with our security experts and advisors, we have taken all necessary measures to ensure that the security incident has been isolated and have confirmed that the system in question does not pose any further risk as it had already been decommissioned. We contacted and are in talks with the regulator and have informed our users.
We have undertaken extensive external security assessments across the entire platform. This exercise confirmed that the incident poses no further risks, and has identified no other risks. In addition we have built onto our internal processes to guard against such incidents in future.
Conclusion
When we set out to create Covve, from the very outset, we have held one foundation at the heart of our business and our product – respect and protection for our users’ data. Our business, our team, our product and our terms are all built around this and have formed the basis of our users’ trust, trust that no doubt has been shaken by this incident. We are working diligently internally, as well as with external partners to get to the bottom of the circumstances that allowed this incident to come to pass and are setting additional processes and controls in place to prevent it from happening again.
Updated on 18 Dec 2020.