Updated 18th May 2020
On the 15th of May 2020 we became aware that some user data was compromised through unauthorised access to one of our systems. We immediately launched an investigation into the incident and we are taking appropriate steps to prevent any such incidents in the future. We want to be as transparent as possible without compromising our security systems or the steps we’re taking, so we are sharing below what happened and what actions have been taken. This post will be updated as we gather more information on the incident.
On Friday the 15th of May 2020, we became aware of information about a security incident on our platform. Our team immediately started investigating in order to determine the origin and nature of this incident.
Data belonging to approximately 90,000 users was compromised by a 3rd party who gained unauthorized access to a legacy system before it was decommissioned in early January. This system related to the now-retired Covve web app. It appears at this stage that contact data such as name and contact details were accessed, that the data cannot be directly associated with specific users and no user passwords were compromised.
Actions we have taken until now
Together with our security experts and advisors, we have taken all necessary measures to ensure that the security incident has been isolated and have confirmed that the system in question does not pose any further risk as it had already been decommissioned. We contacted and are in talks with the regulator, we have informed our users and will continue to post updates here.
When we set out to create Covve, from the very outset, we have held one foundation at the heart of our business and our product – respect and protection for our users’ data. Our business, our team, our product and our terms are all built around this and have formed the basis of our users’ trust, trust that no doubt has been shaken by this incident. We are working diligently internally, as well as with external partners to get to the bottom of the circumstances that allowed this incident to come to pass and to set additional processes and controls in place to prevent it from happening again.