As you know, we had to send out quite a concerning email a few days ago regarding a possible breach of data by one of our vendors.
We are happy to give you an update regarding this. While the investigation is still ongoing and we have not received the final report, we have received additional info, which has helped us narrow down the scope of it. This has helped us to exclude accounts whose traffic was not affected and you are one of them.
What does this mean? We still do not have confirmation if Messente’s traffic was affected by this, but we now have an understanding which of the markets we carry traffic to could have been affected and a more narrow time-frame. This helps us to see that either you did not have traffic to these countries in this time frame OR your traffic was routed differently and thus IS NOT AFFECTED.
So what’s next? As a small cohort of our account’s may still be affected, we will keep the status page going until this has been resolved.
For us, we will keep trying to get to the bottom of this, until we have every detail possible and follow-up directly with accounts affected. We have received reassuring news confirming that the vulnerability was indeed temporary, was addressed immediately once it was discovered and did not lead to any further unauthorised access.
Please let us know if you have any follow-up questions or feedback either to your account manager or to support@messente.com.
---
We’re writing to inform you about a recent incident that might have affected your account.
One of our carrier partners has notified us of a potential but still unconfirmed data incident that may have affected some of our customers whose messages were routed through that carrier partner. We currently cannot confirm the scope of the incident as the carrier partner has notified us as a last minute matter and could only provide partial information, but we can confirm that the data incident did not occur due to actions by a malicious actor but was uncovered by a team of researchers. Simply put, there was no instance of hacking or confirmed unauthorised access - at this moment it is only known that restrictions on access to some of the data may have been temporarily decreased and it is possible that some of the data associated with messages sent by the carrier partner in 2023 and 2024 may have been accessed.
Unfortunately, at this time we cannot provide any additional information due to the error occurring with a service provider of Messente’s carrier partner. However, we are dedicated to resolving this matter as quickly as possible and will provide you with any additional information the moment it gets to us.
In the meantime, here are the steps we are taking to ensure that this issue is dealt with swiftly.
What is being done to resolve this issue? Messente is in daily contact with the affected carrier partner to act on any new information found in the carrier partner’s service provider’s investigation. We have an ironclad data processing agreement signed with this carrier partner and we are exerting all options to ensure that the carrier partner and its service provider finish the investigation as a first priority.
Is the issue still going on? No. The carrier partner’s service provider has immediately re-instated all restrictions on access to the potentially affected data after it having become known that the restrictions were accidentally decreased. The data in question is now inaccessible to all unauthorised parties, and it is confirmed that no malicious parties were the cause of the incident - this was the result of a temporary technical error on the side of our carrier partner’s service provider.
What data has been affected? It is currently not possible to say with certainty what, if any data, has been accessed by any unauthorised party, however in the worst case scenario the data would be limited to phone numbers associated with messages sent in 2023 and 2024 through the carrier partner and the content of those messages.
What to expect next? We will update you immediately once any additional information becomes known to us. If it is confirmed that the incident led to any sort of unauthorised access to personal data, we will without undue delay inform you if any of your data was affected. We will post any updates regarding this HERE and with any questions, please reach out to your account manager or support@mesente.com.
We would like to take this opportunity to apologize for any inconvenience caused by this. We are committed to providing the best possible service to our customers and we take security very seriously, which is why we wanted to inform you about this incident as soon as possible in the case that any of your data has been open for access. We will contact you whenever any new information becomes known, but if you have any concerns or question, feel free to contact support or your account manager.