On September 29, 2023, MG Stover filed a notice of data breach with the Attorney General of Massachusetts after discovering that Retool, one of the company’s vendors, experienced a cybersecurity incident that exposed confidential information. In this notice, MG Stover explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, email addresses, phone numbers, and dates of birth. Upon completing its investigation, Retool began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from Retool, Inc. or MG Stover, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Retool data breach. For more information, please see our recent piece on the topic here.

What Caused the Retool Data Breach?

The Retool data breach was only recently announced, and more information is expected in the near future. However, MG Stover’s filing with the Attorney General of Massachusetts provides some important information on what led up to the breach. Retool also posted a detailed account of the incident on its blog.

According to these sources, on August 27, 2023, Retool fell victim to a phishing attack. Evidently, hackers sent text messages to several employees pretending to be an HR administrator, asking employees to visit a malicious link that appeared to be a legitimate link to an internal company page. One employee fell for the trick and filled out the form contained within the fake URL. The hacker then called the employee and, ultimately, provided the attacker with information they used to access the employee’s login credentials.

Retool informed MG Stover about the incident on September 20, 2023, and, on September 22, 2023, MG Stover learned that the hacker was able to access confidential information that MG Stover had provided to Retool.

After learning that sensitive consumer data was accessible to an unauthorized party, Retool reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, address, email address, phone number, and date of birth.

On September 29, 2023, Retool sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Other companies who do business with MG Stover appear to have also been impacted by the Retool data breach, including:

• Off the Chain LP
• NextProtocol Capital
• North Island Ventures

More Information About Retool, Inc.

Founded in 2007, Retool, Inc. is a software engineering company based out of San Francisco, California. Retool created a tool development platform to help build custom business tools without needing to have any programming language background or knowledge. Retool employs more than 200 people and generates approximately $42 million in annual revenue.