Statement of Data Breach on 26th of June 2020
At approximately midday Eastern Standard Time on Friday the 26th of June 2020 we became aware of an attack on our systems and a potential breach of our servers and our user data.
We have identified the flaws which allowed our security to be breached and will work on updating our systems and policies to ensure this doesn’t happen again.
What has been leaked?
The breach has resulted in some personal data being leaked, but this data is limited to what a user would have displayed publicly inside the application on their profile. At the moment of writing this, we do not believe that any private information has been leaked beyond the email addresses of users who log in through that means. Idyoma does not collect sensitive information from its users and passwords are stored on a separate secure server and encrypted, so they are safe.
What risks does this present?
Given this breach (a) only involves personal information that was already publicly available, (b) does not involve any sensitive information as understood from the perspective of GDPR, and (c) does not contain data on vulnerable categories of people (as far as we can reasonably know), we do not believe this data breach poses a risk to the rights or freedoms of our users.
How is Idyoma responding?
We are (a) creating an action plan for investigating the incident (including involving third-party expert advisors), (b) building improvements to our current infrastructure to prevent future attacks, and (c) assessing our policies and processes to provide greater protection.
This breach has also resulted in temporary downtime for the application and damage to some of our data. We are working hard to try to resolve this and rectify the problems.
We will improve and be better than before
I want to apologise for this incident and any damage this has caused. I hope we can get the app back up and running safely and securely to help all users learn languages, socialize, and share cultures through meaningful relationships during what has been a difficult time around the world.
We’re saddened that an incident like this would occur and that someone would seek to target an app which helps people learn and be social, particularly in a time of pandemic lockdown.
Thank you for your understanding,
Adam Henshall
COO & Data Protection Officer