FYI: Incident that affected personal information

Huw

Please see the message below I received from Vanilla:

We are writing to provide you with information regarding an incident that affected certain personal information of 122 of your organization’s Users.

 Specifically, on December 16, 2022 at approximately 4 a.m. EST, we learned that a software update distributed by Higher Logic Vanilla to Subscribers 12 hours earlier, on December 15, 2022 at approximately 4 p.m. EST, resulted in a bug that inadvertently changed certain privacy settings from “private” to “public” for your Users, as we explain below.

 After learning of the incident, we immediately launched an investigation and disabled the privacy preference feature, which reverted all settings for your users’ information to “private.” This feature was disabled by approximately 10:49 a.m. EST on December 16, 2022. 

 The incident affected the information that those 122 Users entered in the Subscriber-generated “Customer Profile Fields” that your organization set up in your Higher Logic Vanilla instance.

 Our investigation of the impact of this incident on your organization is complete and we have remediated the issue. We have no reason to believe that the incident was caused by a bad actor, and we have no evidence that any data has been misused as a result of this incident.

--
I don't think anyone need be too concerned, in fact I don't know that we have any personal information that's set to private: The high-level location and LUG affiliation information optionally provided in your profile is public anyway.