NetGalley data breach may have exposed user information

NetGalley data breach may have exposed user information

Digital advance-copy service NetGalley has revealed it suffered a data breach just before Christmas that may have exposed members' information.

The incident took place on 21st December and, although NetGalley first thought only its homepage had been vandalised, further investigation showed “unauthorised and unlawful access” to a backup file of its database. That file contained members' login details, their name and email address, plus the mailing address, birthday, company name, and Kindle email address of those who supplied them.

NetGalley said: “We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility.”

The company added that no financial information is stored on NetGalley and so none of those details were exposed.

In a statement on its website, the firm said: “Please be assured that we take the security of our members' information very seriously and we sincerely regret that this incident occurred. We immediately reviewed our security standards and just implemented further means to protect your data.”

Users are now required to change their passwords the next time they login to the site. The company has also changed its password security policies.