windeln.de confirms data security incident
Munich, 16th September 2020: windeln.de SE („windeln.de“ or „Company“; ISIN DE000WNDL201) has announced today:
Between June 10th and 23rd, 2020 data of some of our customers were temporarily stored on an unprotected server due to a maintenance error, which has since been corrected. The data is now safe again.
Only customers who logged on to our website via the app or a browser between May 24th and June 23rd, 2020 are affected. The server is used as a short-term cache, which automatically deletes the data no later than every four weeks. Therefore, we are currently unfortunately not able to establish which individuals and how many customers are affected in total.
As far as we know today, the server did not store information about means of payment, for instance credit card numbers. However, it contained data such as names, e-mail addresses, postal addresses, telephone numbers and the order history of affected users, as well as, in some cases, the dates of birth and names of their children.
IT security experts who are not part of our company had discovered the security gap. Whether additional unauthorized third parties had access to the data is currently unclear. We have initiated a comprehensive investigation and are working hard to establish the facts with the help of external IT forensic experts.
"We very much regret this incident and apologize to all customers affected. We take the protection of user data very seriously. Now, our focus is on clarifying the details, learning from what has happened, and avoiding damage to our customers as far as possible," said Matthias Peuckert, CEO of windeln.de SE.
The Company had found out about the unprotected server thanks to German authorities and reacted immediately.
windeln.de SE will continue to inform about the progress of its investigation.