Dear customer,
We want to inform you about the security of your personal data.We have recently been notified that one of our subcontractors for our telephony service Avoki Connect, Destiny, has experienced a personal data incident. This incident may potentially have affected our end customers and users.
Published: December 4, 2024, Last updated: December 4, 2024, 13:39
General information
What Happened?
One of our subcontractors, Destiny, which manages our telephony service Avoki Connect, suffered a personal data incident at the end of last week. This may potentially have affected our customers and users of Avoki Connect. Affected services include MyConnect, Softphone, end-user portal, administrator portal, Selfservice, Tools, and Service Admin.
When was the incident discovered?
Yesterday, Avoki received information that our customers' data may potentially have been affected. Avoki is immediately taking action:
Filing a report to the Swedish Authority for Privacy Protection (IMY)
Activating our internal crisis team
Initiating the process of informing affected customers.
How was the incident discovered?
A security vulnerability was identified by our subcontractor Destiny during routine maintenance work.
Who is affected?
All users of Avoki Connect, including us as an organization, may potentially be affected by this incident at our subcontractor Destiny.
What type of information may have been leaked?
The information that may have been affected includes:
- Name
- Phone number
- Email address
- Password (in encrypted form)
Are my passwords safe?
Although the passwords were encrypted, we strongly recommend that you change your password as a precautionary measure.
Actions taken
- We have established a crisis team consisting of cybersecurity experts, our Data Protection Officer (DPO), communications manager, and several representatives from management. This team is working intensively to manage the situation, minimize potential risks, and ensure that all necessary information reaches our customers as quickly and transparently as possible.
- We have filed a report to the Swedish Authority for Privacy Protection (IMY) in accordance with GDPR.
- We are implementing two-factor authentication for all administrators in the self-service portal.
- We are working on a plan to implement mandatory password resets for all affected users.
How to activate Two-Factor Authentication (2FA)
Two-factor authentication is activated centrally by us. When logging in, a verification code box will appear after you enter your username and password. The code is sent via SMS to your registered phone number.
Future prevention measures
We are taking several steps to strengthen our security:
- Conducting comprehensive security audits of our systems and processes
- Updating our security protocols and guidelines
- Increasing the frequency of security training for our staff
- Improving our monitoring and detection mechanisms
Reporting to authorities
Yes, we have filed a report to the Swedish Authority for Privacy Protection (IMY) in accordance with GDPR requirements within the prescribed 72-hour timeframe.
What should I as a customer do?
Log in to the service and immediately change your password for Avoki Connect and other services where you have used the same password
Be alert to suspicious emails or phone calls that may be phishing attempts
Stay updated through our website and the messages we send out
How do I get more information?
We will continuously update this page with new information. If you have specific questions, please contact our customer service at privacy@avoki.com.
We value your trust and are working tirelessly to protect your information.
We apologize for any inconvenience this may have caused and thank you for your understanding and continued trust.
Team Avoki