Data privacy is something that Veeam takes very seriously. Unfortunately, this week, we had an incident where one of our marketing databases was mistakenly left visible to unauthorized third parties. One of our Veeam core values is transparency and I want to be very open and honest about this issue – this is what our employees, customers and partners deserve. Our goal is to share so our community can learn from our situation.
During some maintenance of our network, this single marketing database containing marketing records (that may include names, e-mail addresses and IP addresses) was left visible and exposed due to human error. While the database was not easily accessible, it was visible to unauthorized third parties. Once we validated the issue, we took immediate action to properly secure the database. While it has been reported that there were 440 million e-mail records, many of these were duplicates or multiples of the same e-mails, and upon review, there were approximately 4.5 million unique e-mail addresses. I can assure you there was no sensitive information as Veeam does not collect sensitive personal information from its customers, prospective customers or partners. It is extremely unfortunate that the news reported without accurate facts, while time is of the essence for a reporter, what was important for us was to thoroughly research the incident and provide accurate information to our customers, partners and prospective customers.
We have taken additional steps to ensure every database meets our security protocols and we continue with our investigation into this incident. We have also taken the additional step to report the incident to certain regulatory authorities to establish an open and transparent line of communication to address any concerns they may have. While the data was not sensitive, we take this situation very seriously. As soon as we had enough information, we immediately created this message to share with our customers, partners and prospective customers. Our continuous review and improvement of our policies, procedures and protocols continues.
Once again, I want to reassure you that all of us here at Veeam are committed to the protection of your data. We sincerely apologize for any inconvenience this may have caused. We know you expect more from us; we expect more from us, and we will learn from this and we will be better.