If you created a OnePageCRM account after November 24th 2018, this security update does not affect you.
On Tuesday (Jan 15th), at 2:30pm GMT, we became aware that a backup copy of our application’s database wasn’t fully secured on a test server. This test server was set up on Jan 7th, 2019 by our engineer specifically to run tests for an upcoming database migration, and regrettably, a human error caused the issue.
Although the incident was contained and ended within minutes from the time we became aware of it, an analysis of our data logs shows that there had been a very limited number of external connections made to this server.
This was not a malicious incident and we have no reason to believe that your data has been misused by any third party.
It’s important to point out that our live database was not exposed and remains secure.
Over the past 9 years, we have worked hard to protect your data security and build your trust. This incident is hugely disappointing for us and we sincerely regret any distress or inconvenience this may cause to you and your business.
The exposed database was from a backup copy (dated 24th Nov 2018), and the information included:
No credit card details were exposed or compromised.
When we became aware of the possibility of external access, we immediately shut down the test server and took steps to determine the scope of the issue. We are also now consulting with external experts and advisors and, as a controller of personal data, we will be reporting this incident to the Data Protection Commission in Ireland.
We have taken the following steps to best protect you, our users:
We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information.
We recommend you:
As with usual best practice, you should:
How does this impact me?
Anyone whose account was created prior to November 24th 2018 should take this notice seriously and follow the necessary steps as outlined above or sent to you via email.
Should I change my OnePageCRM password?
Yes, you should change your OnePageCRM password (and change your password in any other place or app where you have used the same password).
How do I change my password?
To change your password, log in to your OnePageCRM account > go to the Gear icon > Users and Billing > Users > Click on your profile – Change password. Read more here.
Has this ever happened before?
Is my data now secure in OnePageCRM?
Yes, we can assure you your data is secure. It’s important to note that our live database was not exposed and remains secure. The incident occurred on a test server. Your data is stored on industry-leading Amazon data centres protected by physical barriers and guarded 24/7. See more about our security here.
Can I trust OnePageCRM with my data going forward?
Yes, and we will continue to work with you to rebuild the trust you placed in us.
Over the past 9 years, we have worked hard to protect your data security and build your trust. Regrettably, this incident was caused by human error and is hugely disappointing. We sincerely regret any distress or inconvenience this may cause to you and your business.
We are reviewing our internal protocols and procedures for test and development servers to prevent any future incidents.
What to do if you’re a Data Controller
Users who are controllers of personal data affected by this incident should immediately undertake their own due diligence to investigate this incident and to assess the risk it may present to you, your users or other contacts. You may be required to report this incident to the Data Protection Commission or the equivalent supervisory authority in your country. In Ireland, there is usually a 72-hour window from the date you become aware of such an incident to notify the Data Protection Commission.
We are happy to cooperate and answer any further queries you may have in relation to this incident.
Who can I contact if I have additional questions?
We understand this is a difficult situation. If you have any questions, please email firstname.lastname@example.org and we will strive to respond as soon as possible.