The computer programming education company Thinkful has reported a data breach affecting all of its users. Since the investigation is ongoing there has not been any information released about the culprits, nor has there been any indication as to who is responsible for the breach. Thinkful contacted its user base, which is roughly 40 million strong, via email to make them aware of the situation. The email, which was signed by vice president of operations Erin Rosenblatt, had this to say:
We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users… As soon as we discovered this unauthorized access, we promptly changed the credentials, took additional steps to enhance the security measures we have in place, and initiated a full investigation… Additionally, at this time we have no evidence of any unauthorized access to any other Thinkful user account data or user information. However, as a measure of added precaution, we are requiring all users to reset their Thinkful passwords.
Many individuals analyzing this incident, such as Phil Muncaster of Infosecurity-Magazine, have noted that this is the worst possible time for a breach. Thinkful was recently purchased by online textbook seller Chegg Inc. for $80 million (according to this press release). Chegg experienced its own data breach in 2018, and with an expensive acquisition experiencing a breach, the company is undoubtedly left with doubts about their decision. Neither Thinkful nor Chegg will come out of this without this new negative PR following them. Especially since Thinkful is supposed to be training the next generation of developers and other achievers in technology; a lax cybersecurity policy compromising millions is not going to reflect well.
Cybersecurity is often not prioritized by executives in businesses due to worries about the bottom line, but what if worrying about your bottom line winds up costing you far more?