Some Stripe Atlas customers have recently received a letter called “Notice of Data Breach”. Stripe Atlas discovered on December 11, 2019, that their service provider Legalinc Corporate Services Inc. (“Legalinc”) had a security vulnerability in its document storage system.
Stripe Atlas states that they have no evidence that customers personal information was accessed or has been misused, but out of an abundance of caution they are providing customers with the following notice:
Notice of Data Breach
On behalf of Stripe GEP, Inc., I am writing to inform you about a recent incident that may have involved personal information about you. We regret that this incident occurred and take the security of personal information seriously.
We recently were informed that as part of the process of filing your corporate registration in conjunction with the Stripe Atlas service, it is possible that your personal information was accessed by an unknown third party. We discovered on December 11, 2019, that our service provider Legalinc Corporate Services Inc. (“Legalinc”) had a security vulnerability in its document storage system. We have no evidence that your personal information was accessed or has been misused, but out of an abundance of caution we are providing you with this notice.
WHAT INFORMATION WAS INVOLVED.
We have determined that the incident may have involved personal information regarding approximately 2,670 individuals that used the Stripe Atlas service, including first and last names and Social Security numbers.
WHAT WE ARE DOING.
We began investigating the incident as soon as we learned of it in coordination with our service provider Legalinc, and we are examining the measures we can take to help prevent incidents of this kind in the future. We understand that Legalinc has since taken appropriate measures to address the vulnerability in its
data-storage system, which is addressed in this notice.
WHAT YOU CAN DO.
Consistent with certain laws, we are providing you with the following information about general steps that a consumer can take to protect against potential misuse of personal information.
The Stripe Atlas data breach was first reported by some customers on Twitter:
Oh fuuuuck wild. But good time to say it: we need a new personal identifier, SSNs are all stolen at this point
— Andrew Montague (@constmontague) January 4, 2020
— Derek Strauss (@Dercentralist) January 3, 2020