What Happened: Apollo
Apollo is a sales engagement startup that helps salespeople connect with prospective customers. This startup is the latest company who failed to properly protect their data. As a result, attackers were able to access the company contact database that is used to match sellers with potential buyers. The prospect database contains 200 million contacts at 10 million companies.
The database includes the following information: name, job title, email address, social media handles, company names, and other business contact information. The hackers also accessed client-imported data however it is unknown what kind of data that included. No financial data, Social Security numbers or passwords are included in the data.
Apollo stored the data on an Amazon server with no password protection. The startup discovered the breach weeks after system upgrades in July. In hopes of being transparent, Apollo is in communication with its customers about the data leak.
Company Responsibility
Brian Krebs, a leading security reporter, categorizes this more as a data leak, versus a data breach, because Apollo had not taken the proper steps to protect the data. This continues the conversation of the responsibility companies have when in possession of consumer data and the steps taken to protect it. Other steps, like legislation and the implementation of GDPR, are putting pressure on companies to properly protect data.