Typeform data breach. No Coconut accounts affected.
Typeform data breach. No Coconut accounts affected.
Product updates
June 2018

Typeform data breach. No Coconut accounts affected.

We have emailed everyone affected. If you didn't receive an email from us then you were not affected by the breach, but if you have any questions please feel free to get in touch.

Sam O'Connor
Sam O'Connor
CEO at Coconut
No items found.
No items found.
No items found.

Following a data breach suffered by one of our suppliers called Typeform we suspect that some of our customers' data has been leaked.We have emailed everyone affected. If you didn't receive an email from us then you were not affected by the breach, but if you have any questions please feel free to get in touch.

Your money is safe

Typeform is a company we use to gather marketing data only and there is no risk to money held in Coconut accounts as no account information has been affected.

How this unfolded

On Friday evening we identified that Typeform, an online survey tool that we use to gather information like feedback and marketing data suffered a serious data breach. We immediately got in touch with Typeform to understand whether our customers were impacted by this.At 21:05 last night on Friday 29th June we received an email from Typeform telling us that some of the data that we’ve gathered through their service has been affected by this breach. We immediately kicked off an investigation into the impact of this and the risk to our customers.I would like to personally apologise to those that were impacted and tell you the steps that we’re taking to address it.

What happened?

The breach happened on 27th June when Typeform’s engineers identified that a backup of data gathered on Typeform’s platform before 3rd May 2018 had been accessed by an unauthorised party. Typeform has assured us that they identified this quickly and took steps to address it as well as undertaking a full security review of their service to prevent any more data loss.

What data was lost?

I'm very sad to report that that the following data may have been breached:

  • Names (211 in total)
  • Email addresses (318 in total)

Our investigation and the steps we're taking

We have been working to identify the customers who have been impacted, the data that may have been lost and the risk that this poses to you.This is a very serious issue at Coconut as the security of your data is critical to me and the leadership team. Coconut never want to put your data at risk, so we have undertaken a full review of our processes and have taken the following steps:

  • We have removed all customer data from Typeform’s serversWe have removed all data from Typeform’s servers and will be working with them to ensure there are no backups of your data still stored.
  • We are terminating our use of TypeformCoconut is in the process of removing Typeform from our operation as a data gathering tool. Once this process is complete, we will not use Typeform again until they are able to satisfy us that they have addressed these issues.
  • We are notifying the ICO of this breachWe'll be informing the Information Commissioner's Office about this data breach.

What do you need to do?

As Typeform has only been used to gather marketing data, if you have a Coconut account there is no risk to your money, as account details are all stored on Coconut servers and these have not been impacted.However, as email addresses were leaked it's possible that you may see an increase in spam if you are one of those affected. It’s important to be vigilant when opening emails and attachments especially when they are sent from unknown sources.

Please get in touch if you have any questions

I take my personal responsibility to protect your data very seriously. We are using this as a learning opportunity to minimise the risk of something like this happening in the future. We are working to make sure the impact of this is limited and that we keep you informed of any developments.You can read Typeform's response to this breach on their site here.

Ask our community a question

Go to Bite

Keep reading

What’s the new Health and Social Care levy and how are the self-employed affected?

The prime minister has outlined his plans which have now been approved by MPs to increase National Insurance contributions to invest in health and social care across the UK over the next 3 years.


Budget 2021: Financial support available for self-employed people

The SEISS has been extended until September, and there has been one significant change for the better. The grant has been extended to ~600,000 people who were previously excluded by including those who filed a 2019/20 Self-Assessment tax return by midnight 2nd March.


Self employment is how self-taught jeweller, Esh, is shaping her future

Self-taught jeweler, Esh, speaks to us about the complexities of building her own jewelery business. But also, how rewarding the process has been.

Coconut is the trading name of Coconut Platform Ltd, company number 09904418. Coconut is registered with the Financial Conduct Authority (FCA) as an Account Information Service Provider under the Payment Services Regulations 2017 (reference 931194).

Coconut provides some customers with a business current account, but is not a bank. The Coconut current account is an e-money account provided by Prepay Solutions (PPS), a trading name of Prepay Technologies Ltd, which is an electronic money institution authorised by the FCA under the Electronic Money Regulations 2011 (reference 900010) for the issuing of electronic money.

PPS holds all funds in a safeguarded account in accordance with the Electronic Money Regulations 2011 which protects customers against Coconut or PPS’s insolvency. The Coconut Mastercard is also issued by PPS pursuant to a licence by Mastercard International.