Update on Incident: September 7

Bitvavo, Sep 7, 2022

On September 7, Bitvavo experienced a technical issue which led to the personal data of eight users being shown on our app and web. We apologize for this issue, as keeping user funds and user data safe is our top priority, and want to stress that we understand your trust is the most valuable asset Bitvavo has. Precisely for this reason, what follows is a detailed account of what happened, how we reacted, and what’s next.

Here’s what happened, and why:

  • To improve the user experience of Bitvavo, we use a solution called “caching” which stores copies of data in the cloud for faster access.
  • Due to a misconfiguration of our cache solution, the personal data of eight users was exposed to users who logged in to the app or web for a period of 15 minutes.

How we reacted:

  • Within those 15 minutes, we cleared and reconfigured the cache.
  • Unfortunately, since caching also stores data locally, it takes 2 hours for the data to be erased from the local storage of user devices.
  • We subsequently decided to lock down our app to prevent access to the user data.
  • We contacted the affected users to notify them of the incident and provided them with the relevant support.
  • We notified relevant authorities, including the Autoriteit Persoonsgegevens (AP), about this incident.

What happens next:

  • Together with Bitvavo experts, industry-leading security experts and our Data Protection Officer, we will review our technical setup and procedures to ensure such an incident cannot repeat itself.

What does Bitvavo do about security?

Keeping user funds and user data safe is our top priority. We hold ourselves to the highest standards and have implemented:

  • Industry-leading security
  • Screened employees
  • Security audits
  • Certified Data Centers

More information about the security measures Bitvavo has in place can be found here.

What happens with my data?

Eight users were affected by this incident, and all eight have been contacted by us. If you haven’t been contacted by Bitvavo, your data hasn’t been exposed in any way, shape, or form. You do not need to change your password or do anything to protect yourself from this incident.

Bitvavo processes your personal data only as required to provide you with the requested services and only as required by laws and regulations. Bitvavo will never use your personal data for commercial purposes and processes it in a strictly confidential manner.

More information about how Bitvavo processes your personal data can be found here.

Are my funds safe?

Your funds at Bitvavo have never been at risk due to this event.

Bitvavo has strong security measures in place to securely store customers' funds. To ensure the safety of user assets, Bitvavo is storing most of our user assets at Insured Custody Providers who are specialized in storing digital assets in a safe environment and are insured up to an amount of €255 million to mitigate potential risks as much as possible. To bring the security of our user assets to the next level, we have introduced the Bitvavo Account Guarantee. Should someone gain unauthorized access to a Bitvavo account and misappropriate funds, users may now be eligible for reimbursement of up to €100.000.

More information about the security of customer funds is available here. Please note that this incident was due to a misconfiguration on our end, not a hack or a security breach.

Final note

We take safety and security very seriously and we will inform you of any relevant development. We strive to remain transparent and appreciate your continued support.

In case of any questions or concerns feel free to contact:

Bitvavo B.V.

Trading digital assets involves significant risks. Digital assets are highly volatile and you may lose some or all of your investment. The information on this page does not constitute advice, and should not be relied upon as such. Bitvavo is authorized as a crypto-asset service provider under Regulation (EU) 2023/1114 (MiCA) by the Autoriteit Financiële Markten (AFM), Vijzelgracht 50, 1017 HS Amsterdam. More info can be found in our Risk Disclosure.

Bitvavo is registered at the Dutch Chamber of Commerce, number 68743424.