October 14, 2022

Snap is the latest victim of a data breach, but this time it was employee data that came to light through a breach at a third-party document analysis firm, rather than threat actors who leak or take customer data hostage on the dark web.

Although Snap did not disclose the third-party document analysis firm, Snap said in a letter to a former employee dated September 13 that Elevate had informed it that unauthorized persons had gained access to some of Elevate’s computer systems in March 2022.

This employee was informed that due to unauthorized access to Elevate’s system, his name, address, employment history and compensation information could have been among the files affected and that Snap was terminating its relationship with Elevate.

A Snap spokesperson confirmed that a data breach at an unspecified third-party vendor “exposed personal information of some of our current and former team members,” but that no Snapchat users were affected.

Snap said it had informed those affected and would no longer use the vendor for related services in the future.

It is not yet clear who received the letter or how many other employees or former employees were affected by the breach.

The sources for this piece include an article in Reuters.