December 23, 2020
NOTICE OF DATA BREACH
On Monday, December 21, 2020, NetGalley experienced a data security incident. What initially seemed like a simple defacement of our homepage has, with further investigation, resulted in the unauthorized and unlawful access to a backup file of the NetGalley database. Our database backup was stored in the Amazon Cloud. There was a temporary lapse in security protocol for one of our testing servers, and the credentials became easily attainable by a hacker.
What Information was Involved?
It is possible that your NetGalley Profile information was exposed as a result of this incident. This information includes your login name and password, first/last name, email address, and country. Also, if supplied by you, your Bio, mailing address, phone number, birthday, company name, and Kindle email address. There is no financial information stored in the NetGalley database, so none was lost.
What are we Doing?
We re-secured our testing sites and updated our protocols to ensure their security going forward. We have also:
- Revised our database backup procedure to ensure this data is never again exposed
- Changed all legacy passwords that had access to any NetGalley systems or data
- Added new security features into the site to improve the security of your personal information
- We are continuing to investigate this incident and ensure that no further damage is incurred.
What can you Do?
To better protect your account security, NetGalley is requiring all members to reset their passwords. Starting December 23rd, you’ll be required to reset your password before signing in to your NetGalley account.
Other Important Information:
We have informed the FBI of this data breach, and the situation is under investigation. We will use this notice to update you with any definitive new information related to the breach. The California Secretary of State and the EU authorities have also been notified.
Your privacy and the integrity of our service are very important. We are committed to improving our protection of your personal information.
For more information:
If you have any additional questions, please contact firstname.lastname@example.org.