Mailchimp has suffered yet another security incident that has exposed user data, the second such incident in six months.
Mailchimp suffered a breach in April 2022, one that exposed the data of more than 100 customers. The company has now revealed in a blog post that it has suffered another breach:
On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.
Once again, the breach compromised the data of more than 100 customers:
Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts.
It’s unclear why Mailchimp keeps having these breaches, but it certainly doesn’t instill much confidence in the company or its owner, Intuit.