Skip to content   Skip to footer navigation 

Statement on Typeform data breach affecting CHOICE

A breach of data stored by a third-party tool has affected 592 people who provided information to CHOICE.

05 July 2018

592 people that provided information to CHOICE through a third-party tool, Typeform, have been affected by a data breach. This statement outlines the impact of the breach, what actions people can take, and how CHOICE is responding. 

Who is affected? 

592 people who filled in a survey about consumer guarantee issues. The survey asked for people's name, email address, phone number and a written statement about any issues faced with a faulty product or service, specifically issues getting a repair, replacement or refund. 

CHOICE has emailed everyone who was affected by this breach. 

What is the impact of the breach?

People who don’t work for CHOICE may now know the name, phone number and email address details of people who participated in the survey. This could result in an increase in scam emails or calls. 

Importantly, no one can ‘log in’ or access emails as a result of this breach. Passwords and other sensitive information were not affected by this breach. 

What people affected by the breach can do 

CHOICE has advised people affected by the breach to watch out for scam emails and phone calls. ScamWatch, a resource from the ACCC, provides tips on how to avoid scammers. In particular, people should avoid responding to suspicious texts or pop-up windows or clicking on links or attachments in suspicious emails. It is better to delete them. People should also avoid responding to phone calls about asking for remote access to computers.

More information on the ACCC ScamWatch program is available here, and CHOICE’s advice on scams to watch out for is here. 

What has CHOICE done in response to the breach? 

Data privacy is a consumer right, and CHOICE is disappointed and sorry that this has happened. We’re passionate about holding ourselves to the highest standard on when it comes to protecting consumers’ data.

We have already:
  • Informed everybody affected and let them know how they can spot and handle scam contacts.
  • Ended our relationship with Typeform, deleting all the data stored with them and requesting that they do the same.
  • Reported this breach, and what we are doing to prevent it happening again, to the Privacy Commissioner.
We are also reviewing our data collection practices to reduce the risk of future data breaches.

Further detail about how CHOICE handles information is available at choice.com.au/privacy