Over the weekend, Tipalti Inc. (“Tipalti”) confirmed that ransomware attackers claim to have stolen sensitive information from the company. While Tipalti is still investigating the incident, hackers claim to have obtained 256 gigabytes of data after gaining access to Tipalti’s computer network. If, upon completing its investigation, Tipalti confirms that consumer data was subject to unauthorized access, the company will be required to send data breach letters to all individuals whose information leaked.
If you receive a data breach notification from Tipalti Inc. or one of the company’s many corporate clients, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following a possible Tipalti data breach. For more information, please see our recent piece on the topic here.
More on the Alleged Ransomware Attack Against Tipalti
The Tipalti data breach was only recently announced, and more information is expected as the company’s investigation continues. However, BleepingComputer obtained a statement from Tipalti confirming the allegations of a ransomware attack. The ALPHV ransomware group has also released information about the incident.
According to these sources, over the weekend, the ALPHV ransomware gang claimed to have breached Tipalti’s network and stole 256 GB of data. As of December 4, 2023, Tipalti indicated that it had not received any communication from a threat actor. However, ALPHV claims that this was intentional, as the group is trying out a new strategy: rather than inform the company of the breach first, ALPHV disclosed the attack to the public. The stated reason for this is that the hackers believe that Tipalti wouldn’t pay the demanded ransom and that they would have a better chance of getting paid by the victim companies. Thus, ALPHV intends to extort the individual corporations that had data leaked through the Tipaliti breach. However, ALPHV has not yet disclosed which of Tipalti’s clients have been contacted.
Tipalti is a California-based software company that provides accounting, payment processing, and eCommerce solutions. The company also creates software that facilitates the use of affiliates and influencers. Some large and well-known companies are clients of Tipalti, including:
- Twitch
- Roblox
- ZipRecruiter
- Roku
- GoDaddy
- Canva
- X (formerly Twitter)
- National Geographic
- Noom
- WP Engine
In total, Tipalti claims to have over 3,500 corporate clients. However, there hasn’t been any confirmation on which, if any, of these companies were affected by the incident.
Tipalti has its hands full as it investigates the veracity of ALPHV’s claims. However, if Tipalti confirms that there was a ransomware attack and that confidential consumer data was leaked, it will be required to send data breach letters to anyone who was affected. However, few consumers will know the name “Tipalti'' because the company only came to possess their information through one of Tipalti’s clients. Thus, it is possible that affected consumers could receive a data breach letter from the Tipalti client to whom they provided their information.
More Information About Tipalti Inc.
Tipalti Inc. is a software and fintech company based out of Foster City, California. Tipalti develops accounts payable, procurement and global payments automation software for corporate clients across the United States and globally. Tipalti employs more than 1,000 people and generates approximately $210 million in annual revenue.
