Informing Users and ICO of Data Breach
In the event of a data breach, we will contact you and work closely with you to assist in resolving the issue. You will need to contact the Information Commissioner's Office. You can do this here: https://ico.org.uk/for-organisations/report-a-breach/
Your data controller can then use the site to obtain a list of all affected users, independent of Kontrolit. In your admin panel, under Tools, use Users Export to get a CSV file for all users on your site. This means you can carry out the work of contacting affected parties without any reliance on us.
It is important to note that we do not store card details on the site, so the effects of the breach are reduced.
Suggested Wording for Guidance
We are writing to notify you about an issue that may involve YOUR COMPANY account information. We understand that you value your privacy and we take the protection of your information seriously.
What Happened?
On DATE KNOWN, we became aware that during February of this year an unauthorized party acquired data associated with YOUR COMPANY user accounts.
What Information was Involved?
The affected information included usernames, email addresses, and hashed passwords - the majority with a hashing function used to secure passwords.
What We Are Doing
Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with our service provider to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.
We are taking steps to protect our community, including the following:
- We are notifying YOUR COMPANY users to provide information on how they can protect their data.
- We will be requiring YOUR COMPANY users to change their passwords and urge users to do so immediately.
- We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
- We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.
What You Can Do
We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:
- Change your password for any other account on which you used the same or similar information used for your YOUR COMPANY account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
- Avoid clicking on links or downloading attachments from suspicious emails.