An online tutoring program has revealed that it suffered a data breach in which an unauthorized individual might have compromised customers’ information.
The Hacker News received a copy of a notice sent out by Wyzant to its customers informing them about the data breach. According to this letter, the online tutoring program detected the security incident on 2 May when it observed an anomaly on one of its databases. The company responded by launching an investigation, an effort which uncovered a data breach that occurred back on 27 April.
It’s unclear how many of Wyzant’s two million customers were victims of the data breach or whether the security incident compromised the information of both students and tutors, of which there are currently 76,000. Even so, the online tutoring platform’s investigation determined that the event might have exposed customers’ names, email addresses, zip codes and their Facebook profile images if they used Facebook to authenticate themselves. It also revealed that customers’ passwords, payment information and records of activity on the platform were safe.
In its letter, Wyzant explains that it responded by addressing the unknown issue and assessing the scope of the incident. It also revealed that it initiated an extensive audit of its systems and that it would notify customers of any further developments. As quoted by The Hacker News:
Wyzant has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of our valued customers. This includes reviewing our security processes and protocols. We are also working closely with law enforcement to ensure the incident is properly addressed.
In the meantime, the online tutoring program warned affected customers to beware of phishing attacks where digital attackers could abuse their exposed information to ask for even more personal data. Users can defend against these types of attacks by familiarizing themselves with some of the most common types of phishing attacks. They should also consider taking additional steps to protect themselves against identity theft.