It has been reported that Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired. The email to users said that although the company said it’s seen “no evidence” of any unauthorised access to user’s account data, it did not rule out any improper access to user data.

Experts Comments

September 20, 2019
Travis Biehn
Technical Strategist
Synopsys
Compromising small startups in the weeks and months following an acquisition can lead to huge payoffs for attackers, as they gain footholds in soft targets before they're able to adopt to possibly stronger security postures from acquiring companies. That's just one reason why it's important to get handle on a company's full security posture before making an acquisition decision.
September 24, 2019
Erich Kron
Security Awareness Advocate
KnowBe4
This incident highlights the importance of due diligence during mergers and acquisitions in modern time. I’m hopeful that Thinkful would have disclosed the information if they were aware of it, and I would also hope that Chegg, given their recent experience with a breach, would have this addressed contractually. Obviously, the reputational damage and cost of dealing with the breach can have a significant impact on valuation or could kill the deal altogether. This is why it is so important to .....Read More
This incident highlights the importance of due diligence during mergers and acquisitions in modern time. I’m hopeful that Thinkful would have disclosed the information if they were aware of it, and I would also hope that Chegg, given their recent experience with a breach, would have this addressed contractually. Obviously, the reputational damage and cost of dealing with the breach can have a significant impact on valuation or could kill the deal altogether. This is why it is so important to take cybersecurity seriously, especially if you’re considering an acquisition or looking to be acquired. In many cases, security incidents like this, where credentials are misused, are due to someone giving them up in a phishing attack. That's why you want to ensure your users are well trained to spot and report them.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.