What happened, and why do I care?

TypeForm, a company with whom Refereum has done business in the past, notified us that they experienced a breach.  They also identified for us precisely which forms were compromised, and were able to ascertain that none of the data submitted by the public to Refereum was compromised.  


I used Typeform to send you my data during your token sale!  Should I be concerned?

No.  Typeform has assured us that no customer data submitted to Refereum was included in the breach.  If this is your only exposure to Typeform, you should be fine.


So what is Refereum doing as a company in response?

Although we have been assured that users who submitted their data to our forms were not compromised in this breach, out of caution, we have ended our relationship with Typeform and will no longer use their product in the future, and we are engaging in a comprehensive review of our own security posture, as is best practice in these cases.  Like you, we continue to monitor for further news about Typeform.


What else should I know?

We would be remiss if we did not take this opportunity to remind our users of good security practices: always use unique, long, complex passwords (the use of a password manager, such as 1Password or LastPass helps with this), always use secure https connections, and generally remain aware of your own security profile and potential exposure.


Is Refereum taking seriously it's obligation to protect my data?

Absolutely.  We limit access to personal data, and take our obligations to secure it very seriously.  Thank you for the trust that you place in us - we do our very best to be sure that we honor that trust and protect our users.