Q&A – Potential access to Mun Kino profile information
We have discovered a technical error, which potentially has enabled other users with technical skills to view and edit certain profile information on Mun Kino. It is important to emphasize that we do not have reason to believe that someone has in fact done so.
What has happened?
- On November 12th, we discovered a system error, which potentially has enabled other users with technical skills to view and edit the information you have registered on Mun Kino by using a special software program (an API tool).
- An API tool is a piece of software, which is used for testing communication between two IT systems.
- The error has been corrected, and it is no longer possible to get unauthorized access to other users’ profile information.
- The incident has been reported to the Danish data authorities on November 13th.
- It is important to emphasize that, to our knowledge, no one has in fact wrongfully acquired access to profile information though this system error, but we can’t reject that it could have happened.
What kind of information is affected?
- The information affected depends on what the individual user has registered, but includes regular profile information such as e-mail address, consent, subscription type and possibly other information such as name, address, viewing history and masked credit card information.
- Masked credit card information means that only part of the credit card number is visible, e.g. 123456******7899. You credit card CANNOT have been misused for purchases outside of Mun Kino due to this error.
Do I have to do anything?
- No, you don’t have to do anything. The error has been corrected and reported to the Danish data authorities.
Can my credit card be misused?
- Any credit card information is stored in accordance with the PCI standard to protect against credit card fraud.
- You credit card cannot have been misused for purchases outside of Mun Kino due to this error.
When did it happen?
- We discovered the system error on November 12th and corrected it within 26 hours.
Has your website been hacked?
- No, neither a cyber attack nor a data leak has happened, but there was a safety incident, which has now been resolved. We do not have reason to believe that anyone has wrongfully acquired access to profile information.
Can it happen again?
- No, the error has been corrected 26 hours after it was discovered and the possibility of wrongfully acquiring profile information does no longer exist.
Has the incident been reported to the police?
- Since there are no indications of unauthorised use of profile information, we have informed the Danish data authorities about the incident as well all the users in our databases by e-mail.
Should I change my password?
- You don’t have to change your password, as your password is not part of the profile information affected by the system error. However, we do recommend you update your password on a regular basis.