I’m a Mailchimp customer. Was my data compromised?
While our investigation is still underway, our initial assessment found that 319 Mailchimp accounts were viewed and audience data was exported from 102 of those accounts. We contacted the owners of all impacted accounts via email. If you have not been contacted by Mailchimp, we have no reason to believe your account has been impacted at this time. If you have further questions, please contact Mailchimp support.
I believe I may have received a phishing email. What should I do?
If you suspect you’ve received a malicious or phishing email, do not click any links. If the phishing email appears to be from a company you’re a customer of, we recommend reporting it to that company directly.
How was the attacker able to access customers’ audience information?
A bad actor used social engineering to compromise a Mailchimp employee account and gain access to an internal tool used to assist customers. The bad actor used this access to view customer accounts and export certain audience data.
What is Mailchimp doing to prevent something like this from happening in the future?
The security of our users’ data is our top priority. Given that it’s not uncommon for these types of incidents to include multiple attacks, we’re enacting an additional set of aggressive measures to ensure the security of our users’ data while this event is under investigation.
Published April 4, 2022