A very large data repository of more than 200 million contact records was stolen from Apollo, a predictive prospecting and sales engagement startup, in a data breach. The leaked data contained the following user information:
- Email Addresses
- Company Names
- Media Handles
- Phone Numbers
- Job Titles
Apollo’s stolen database of records did not contain sensitive customer information such as banking information, social security numbers, or passwords, according to a statement made by a spokesperson.
“We have confirmed that the majority of exposed information came from our publicly gathered prospect database, which could include name, email address, company names, and other business contact information,” said an e-mail notifying customers of the security incident.
“Some client-imported data was also accessed without authorization,” Apollo said, without specifying the exact type of data it referred to, according to the e-mail obtained by TechCrunch.
Apollo says no customer passwords, financial data or social security numbers were leaked in the data breach. Apollo’s CEO Tim Zheng told TechCrunch that all customers had been contacted in keeping with the company’s transparency values, but he refused to answer any other questions regarding the data breach.
It is entirely unclear whether Apollo informed US or EU authorities about the data theft, but EU watchdogs will most likely impose sanctions if the startup failed to follow the General Data Protection Regulation (GDPR) to the letter.
If what Apollo says about the database not containing financial data and social security info is true, this data breach’s severity shouldn’t go above a medium level. However, considering the number of records the attackers ran off with and the increasing danger of phishing attacks for both individuals and businesses, Apollo’s data theft episode might have severe repercussions in the future.
There are also concerns that Apollo may face action from European authorities under the GDPR, which came into law in May this year. The regulation is aimed at protecting customers’ data and imposing steep fines on companies that mishandle personal data, and Apollo would fall into this category.
Even though sensitive information, like Social Security numbers and financial information, was not exposed, hackers can use your public information in social engineering scams and other future targeted attacks.