Apparently crowdfunding website Patreon had a tough week. Multiple news outlets report a successful hacking attempt and a data dump. Links to BBC, NYC Today,Market Business. The Patreon platform falls into the social welfare/rewards platform category in that they provide a platform for artists and other creative types to get funding to pursue their passions. Contributors sign up to donate money to the artist and may have access to content as a result of their donations.
Initial reports of the hack suggest that "about 15 gigabytes of data including names, addresses and donations have been published online". Reports go on to say that no credit card information has been breached. While this may be somewhat comforting, users and platforms should not take particular relief from this information. As we all know, credit card information is not the only useful or relevant data that can cause us grief.
According to the BBC article, the site was generating 16M viewers per month. That's a lot of potential data.
Of particular interest, the hackers involved in this breach have chosen to dump data on the internet for unknown purposes. At this point, personal data does not appear to be the target.
A case like this one brings us to the obvious question, do crowdfunding platforms need Cyber Insurance? Emphatically I will argue that yes, they do. In fact, in working with our clients and prospective clients, we find that Cyber is frequently one of the first insurance purchases made and often one of the cheapest. In fact, we have placed Cyber coverage for companies operating in the crowdfunding/fin-tech space for less than $2,000 (we have one client that paid $750). Of course, premiums go up depending on the exposures. Many may wonder how a policy might respond to a breach like this. Remember that Cyber products are not created equally and coverage may vary widely by carrier. Many of the products we use may have responded to the public relations side of this breach by providing assistance with the media and other messaging to customers and the public. Second, many of the policies we use may have responded by covering expenses for forensic analysts and other technology experts to determine what data was compromised and how the breach itself occurred. Then, these products may have responded by reimbursing the company for data restoration and recovery costs. There may have been coverage for reputational damage or lost business income also. Often, the breach that is discovered is only the tip of the iceberg with respect to what actually transpired and the full extent of the breach may take months to determine. I hedge a bit with "may have" provided coverage because prompt reporting and active engagement of the insurance company are key factors in the ultimate coverage decision by the carrier. Report early and often.
Imagine if Patreon had no insurance coverage? Those extra expenses to respond to the breach would have come directly out of their bottom line and limited their ability to grow their company. How would you pay for that? Does your platform have coverage? Cyber insurance is easier to get and cheaper than you think. Contact us today to find out just how quick and easy it can be to cover your platform from similar exposure.
In other news, T-Mobile and Scotttrade also had hacks become public this week. It just never ends.
Monica M. Minkel, RPLU, MLIS, cyRM, CPLP has been working exclusively with Directors & Officers Liability, Professional Liability, Cyber Liability and related products for nearly 20 years. She started her interest in finance by loaning money to her mom at age 11 (complete with a loan agreement and competitive interest rate). She is passionate about all things in the financial industry and the way technology is changing the way capital markets function.