Cyber Incident Victim: Elevate

In March 2022, an unauthorized party accessed computer systems belonging to Elevate, a third-party document analysis company providing services to Snap Inc. and law firms. Snap learned of the breach through Elevate, though the exact date of discovery remains unspecified. The incident exposed personal information belonging to current and former Snap employees, including names, addresses, employment histories, and compensation details. Snap confirmed the breach impacted an unspecified number of individuals but clarified no user data from its Snapchat platform was compromised. On September 13, 2022, Snap notified at least one former employee via letter that their data was potentially exposed, explicitly naming Elevate as the breach source. The company stated it would terminate its relationship with Elevate and cease using the vendor for similar services.

The breach timeline indicates unauthorized access occurred in March 2022, with Snap’s notification to affected parties occurring six months later in September. Elevate’s systems were the confirmed point of compromise, though the article provides no technical details regarding the attack vector, scope of systems accessed, or data exfiltration methods. Snap’s spokesperson acknowledged the exposure of employee personal information through the vendor breach but did not quantify the number of affected individuals beyond confirming both current and former staff were impacted. Reuters reported being unable to determine the total number of compromised records or additional recipients of Snap’s notification letter. Elevate declined to comment on the incident when contacted by Reuters, and no further details regarding containment measures, forensic investigations, or regulatory disclosures were disclosed in the available source material.