Typeform breach: what happened and is my data safe?


We have been alerted that Typeform, a company that we frequently use to survey our customers, has been compromised in a data breach.

Before making any formal communications on this matter, we wanted to wait until we had all of the facts. Yesterday evening at 18:46, Typeform confirmed that data of some 11,000 people had been compromised. Accordingly, we immediately notified the Information Commissioner's Office (ICO).

Fortunately, none of the data compromised was sensitive, such as personal account details or passwords. For most people, it was their name and email address. For a smaller number of people, it was pre registration details for our business product.

No sensitive data was breached

We would like to assure our customers that no sensitive data, such as personal account details or passwords, have been compromised in this breach. Upon reviewing previous surveys, we have only ever asked for details such as your email address and Twitter handle.

If you were affected, we'll be in touch

Our focus right now is to contact everyone who has been affected, letting them know exactly what kind of data of theirs was breached, what they should do and how we will stop something like this from happening again.

If you don't get an email from us on this matter, that means that none of your data was compromised and you have nothing to worry about.

Hackers found a weak spot in Typeform

Hackers managed to gain access to data backups for surveys that were active before May 3 2018. Naturally, those backups contained information that customers had entered in previous surveys, such as email addresses and Twitter handles.

We've ended our relationship with Typeform

Until such a time as Typeform's security is massively enhanced, we have decided to end our relationship with the company over this matter. We will also be demanding that they permanently delete all Revolut customer data from their servers.

And finally, we're really sorry

While we can never guarantee that things like this won't ever happen again, we take full responsibility for this breach and we're already putting in place a number of measures, such as bringing the process of how we survey our customers in-house.

Data Breached Number of People Affected
Name 10134
Personal Email Address 1326
Personal Phone Number 748
Country / City 3244
Business Name 8857
Business Email Address 8824
Business Phone Number 8703
Business Account Details 10