200 Million Contact Records Stolen in Apollo Data Breach
Sales engagement company Apollo have announced that hackers have stolen over 200 million data records. They reported the breach was on its contact database. Apollo have informed their customers of the breach via email. The breach was noticed “weeks after system upgrades in July”.
The database in question contains publicly available data including names, employer details, job titles, social media account names, phone numbers and email addresses. Tim Zheng, Apollo Chief Executive claims he informed customers in line with their values around transparency, however he has declined to answer questions on the topic.
We have confirmed that the majority of exposed information came from our publicly gathered prospect database, which could include name, email address, company names, and other business contact information. Some client-imported data was also accessed without authorization.
Although this a large scale and serious data breach, Apollo have assured customers that financial, social security and other sensitive data has not been stolen and remains unaffected. Investigations have been underway since the breach was noticed. As of now there is little information about the investigation or its findings.
With the kind of information stolen by the attackers it poses a long terms security threat where they can send personalised phishing emails. However, this attack poses a less immediate security threat than if account names and passwords were stolen, which they were not in this case.
There are also concerns that Apollo may face action from European authorities under the GDPR ruling that came into law in May this year. The GDPR regulation is aimed at protecting customers data and imposing steep fines on companies who mishandled personal data, Apollo would fall into this category.