After a systems upgrade in July, hackers stole information from sales engagement startup Apollo’s database of more than 200 million contact records.
The stolen material came mostly from the prospect database of the company, formerly known as ZenProspect.
“We have confirmed that the majority of exposed information came from our publicly gathered prospect database, which could include name, email address, company names, and other business contact information,” the company, which is backed by YC Combinator, said in an email sent to customers and obtained by TechCrunch from Templarbit co-founder Bjoern Zinssmeister. “Some client-imported data was also accessed without authorization.”
While delays in reporting breaches are still not uncommon, companies are under increasing pressure from regulators like GDPR and the newly minted California Privacy Act to notify authorities and potential victims more quickly.
“In an email to affected customers, Apollo said the data breach was discovered weeks after system upgrades in July. Apollo is not the first company to have a breach go unresolved for a long period of time, proving organizations do not emphasize security to a high enough degree,” Zohar Alon, CEO of Dome9. “As data privacy laws become more commonly adopted with harsh penalties, breaches such as these will have a serious impact on business viability.”
Jacob Serpa, product marketing manager at Bitglass, said, “For any company that boasts a database of 200 million contacts from 10 million companies, cybersecurity must be a top priority.”
Organizations that “want to prevent breaches like the one experienced by Apollo…must leverage advanced security capabilities built for the cloud,” such as multi-factor authentication to verify identities and contextual access control, Serpa said.
Proactive security designed to detect and mitigate risks before they can be exploited, is especially critical “when you are expected to keep prospect, customer, supply chain and other business-critical contact information safe,” said Ruchika Mishra, director of products and solutions at Balbix.