|Notice Date||January 23rd 2020|
|Incident Type||Personal Identifiable Information Disclosure|
|Affected Users Notified||Yes, via email.|
|Dear Goverlan User,
We value your business and respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about a data security incident that involves your personal information.
On January 12th, we were notified that a file containing a list of about 500 user IDs and encrypted passwords was being distributed through the public internet. The data accessed included the user login ID, the user email and the user’s password in encrypted format. The login data exposed DOES NOT PROVIDE ACCESS TO ANY OF THE GOVERLAN SERVICES.
How Severe is the Incident?
Upon investigation, we resolved that these IDs/Passwords were those registered by users of our community blog, which is hosted by WordPress ( www.goverlan.com/blog ).
These IDs/Passwords are registered when product features are requested or comments on articles are posted. These IDs/Passwords do not provide access to any of the Goverlan Services. Please rest assured, that the Goverlan IT Support Solution, being an On-Premise solution, is very secure. Access credentials and security information never leave our client’s private infrastructure. Our company does not store privileged account information that could be consumed by malicious actors to access your company’s systems.
Recommendations for Affected Individuals
Even though these passwords are encrypted, and the login IDs cannot be used to access remote systems via Goverlan, it’s possible for people to exploit this information. For this reason, we advise you to change your password in all other platforms that may have been configured with the same password.
Additionally, the email addresses may be used in phishing campaigns. Phishing attacks are the practice of sending fraudulent communications to obtain sensitive information such as credit card details and login credentials, by disguising as a trustworthy organization or reputable person in an email communication. Phishing emails are very common and are easily recognizable to the aware eye. For examples of such emails, visit: https://www.phishing.org/phishing-examples .
Actions Taken by Goverlan Following the Discovery of the Breach
Goverlan values your privacy and deeply regrets that this incident occurred. Goverlan is conducting a thorough review of all areas where our customer’s information may be exposed, and we are implementing security measures designed to prevent further occurrences of such security breaches.
The community login IDs that were breached and published are non-critical to the services that we provide. Consequently, we will be resetting their passwords or deleting them completely. These actions will trigger further email notifications warning you that your password was changed, or account removed. Please do not be alarmed by their notifications at they are expected.
Note: The modification or removal of community login data will not affect the proper functioning of the Goverlan Services.
Questions about this Notice
If you want further information and assistance, please contact our support department at +1 305 442 4788 between 9 a.m.- 6 p.m. EST, or visit our website at https://www.goverlan.com/contact_us