Archive

Thinkful confirms data breach days after Cheggs $80M acquisition

Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired.

“We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users,” said Erin Rosenblatt, the company’s vice-president of operations, in an email to users.

“As soon as we discovered this unauthorized access, we promptly changed the credentials, took additional steps to enhance the security measures we have in place, and initiated a full investigation,” the executive said.

At the time of writing, there has been no public acknowledgement of the breach beyond the email to users.

Thinkful, based in Brooklyn, New York, provides education and training for developers and programmers. The company claims the vast majority of its graduates get jobs in their field of study within a half-year of finishing their program. Earlier this month, education tech giant Chegg bought Thinkful for $80 million in cash.

But the company would not say when the breach happened — or if Chegg knew of the data breach prior to the acquisition announcement.

A spokesperson for Chegg did not respond to a request for comment. Thinkful spokesperson Catherine Zuppe did not respond to several emails of questions about the breach.

The email to users said the stolen credentials could not have granted the hacker access to certain information, such as government-issued IDs and Social Security numbers, or financial information. But although the company said it’s seen “no evidence” of any unauthorized access to user’s account data, it did not rule out any improper access to user data.

Thinkful said it is requiring all users to change their passwords.

We also asked Thinkful what security measures it has employed since the credentials breach, such as employing two-factor authentication, but did not hear back.

Just months earlier, Chegg confirmed a data breach, which forced the online technology giant to reset the passwords of its 40 million users.

At least Thinkful is now in good company.

As concerns over medical device security rise, MedCrypt raises $5.3 million

As medical devices move to networked technologies, securing those devices becomes increasingly important.

Regulators, seemingly late to the threat that unsecured medical devices posed, only began requiring protections for medical devices like pacemakers and insulin pumps two years ago, and since then new technology companies have leapt into the breach to begin providing security services for the healthcare industry.

FDA issues new security guidelines so that your pacemaker won’t get hacked

Most recently, MedCrypt, a graduate from the most recent batch of Y Combinator companies, raised $5.3 million in a new round of funding, from investors led by Section 32, the investment firm founded by former Google Ventures partner Bill Maris.

Joining Maris’ firm were previous investors Eniac Ventures and Y Combinator itself.

“Internet-connected medical technology is entering the market at light speed, calling for devices to be secure by design, which leads to a heightened level of patient safety at all times,” said MedCrypt chief executive Mike Kijewski in a statement.

Securing patient data has been a longtime requirement for health technology companies, but both patient records and hospital networks are dangerously vulnerable to cyberattacks.

In 2018, more than 6 million patient records in the U.S. were exposed thanks to network intrusions and cyberattacks, according to the publication Health IT Security. And those were just in the 10 largest security breaches.

The healthcare industry has only managed to achieve 72% compliance with the HIPAA Security Rule for protecting patient data, according to an April report from CynergisTek.

Investors have recognized the problem and are investing more into companies focused on the healthcare market specifically. MedCrypt’s competition for these security dollars include companies like Medigate, which raised $15 million earlier this year.

While Medigate focuses on network security, MedCrypt is focused on securing devices themselves. Both security functions are critical, according to investors.

“With regulators appropriately taking a hard look at medical device security and the sheer growth in the number of devices being added to already complex clinical networks,” there is a significant opportunity for companies tackling medical device security, according to a statement from Dr. Jonathan Root, who has led several IT-enabled healthcare investments for USVP.

Close

CONTACT US

Complete the form below and we will get back to you shortly.

    • Subscribe error, please review your email address.

      Close

      You are now subscribed, thank you!

      Close

      There was a problem with your submission. Please check the field(s) with red label below.

      Close

      Your message has been sent. We will get back to you soon!

      Close