Cyber Incident Victim: Mention

The Mention data breach occurred in July 2018 and was disclosed to users via email by CEO Matthieu Vaxelaire on August 3, 2018. The incident stemmed from a security compromise at an unspecified third-party provider within Mention's marketing infrastructure, affecting multiple clients of this vendor. Founded in 2012 and headquartered in Paris, Mention provided media monitoring services to 650,000 companies including major clients like Airbnb, Microsoft, and Adobe. Exposed data included user names, email addresses, and account profile information such as subscription plan value, number of configured alerts, volume of mentions tracked, and account creation dates. The company confirmed no payment credentials, passwords, login details, or authentication tokens were accessed during the breach. Mention promptly notified the French data protection authority (CNIL) about the incident in compliance with regulatory requirements.

In response to the breach, Mention assured users no immediate action was required but advised vigilance against potential phishing attempts leveraging the exposed email addresses. The company emphasized data security as a top priority and initiated a comprehensive review of all data flows to strengthen protections. This incident occurred amid a pattern of third-party breaches affecting companies like Ticketmaster (compromised through Inbenta Technologies), Fortnum & Mason (via Typeform), and Delta Airlines/Sears (through a chat software provider). The breach highlighted systemic third-party risks in corporate supply chains, though Mention's direct systems and core monitoring platform remained unaffected. No operational disruptions or service outages resulted from the incident, with business continuity maintained throughout the response period.