What happened?
On Monday, February 11, 2019, we discovered that some user data was exposed by a third party who gained criminal unauthorized access to one of our systems.
What did DataCamp do?
DataCamp engaged Kroll, a leading forensic security firm, to aid us in our investigation into this incident. Kroll’s review determined that mitigation steps taken by DataCamp were both timely and appropriate. DataCamp’s investigation is now complete and we are confident that the matter has been resolved at this time.
We also notified law enforcement and data protection authorities in a timely manner.
The steps we took to protect our users include the following:
- We notified by email the users we believe were affected or potentially affected.
- Out of an abundance of caution, we logged out all DataCamp users who may have been affected, and, if they used a password as their authentication method, we invalidated their passwords and prompted them to reset their passwords.
- We continue to monitor for suspicious activity and to make enhancements to our systems to detect and prevent unauthorized access to user information.
Did DataCamp notify affected users?
Yes, we notified by email the users we believe were affected or potentially affected and prompted them to reset their passwords.
What kind of data was affected?
A subset of DataCamp users were affected. The following information may have been exposed:
- Personal information
- Name
- Email address
- Optional information including location, company, biography, education, picture
- Account information
- Hashed passwords using bcrypt
- Creation date
- Last sign in date
- Sign in IP address
Was my payment information compromised?
We do not store credit card data and thus do not believe credit card or Paypal data were affected.
Was my account affected?
While some DataCamp users were affected, the majority were not. DataCamp notified by email all users who we believe were affected. DataCamp also sent an email prompting you to reset your password if we believed you were affected.
Even if you were not affected, you can certainly reset your password or email DataCamp Support (atop this page) with additional questions.
How can I reset my password?
You can change your password by clicking on the forgot password link during login. More information can be found in our 'Forgot Password' Help article.
Should I also reset my password for other DataCamp or connected accounts?
It is generally a best practice to regularly change and not reuse the same password across multiple services or accounts. We recommend that people change their passwords if they are doing so.
How do I delete my account and all of my data from DataCamp?
Note: This action cannot be undone. Deleting your account will delete your entire account and all data associated with it.
Your account can be deleted directly from your account settings, once logged into DataCamp. More information can be found in our ‘Delete your Account’ Help article.
What is being done to make sure this does not happen again?
DataCamp’s investigation is now complete and we are confident that the matter has been resolved at this time. Kroll, a leading forensic security firm, assisted us in our investigation into this incident. Kroll’s review determined that mitigation steps taken by DataCamp were both timely and appropriate. We continue to monitor for suspicious activity and to make enhancements to our systems to detect and prevent unauthorized access to user information. Our efforts to protect our users and prevent this type of incident from happening in the future are our top priority.