Transcription Security – What Does the Appen Limited Data Breach Teach Us?

In July 2020, Appen, a large transcription, data annotation and AI assistance company, reported unauthorised access to its systems by a third party.

Press Release from Appen Limited 31st July 2020

The relevant parts of the press release from Appen are as follows:

Appen Limited (“Appen”) (ASX:APX) is advising the market of an incident involving unauthorized access to its systems via a third-party provider. [ ] Malicious actors hacked the systems of the third-party provider and stole credentials enabling unauthorized access to Appen’s systems. [ ] Appen’s investigation has determined that the unauthorized actors gained access to Appen’s user authentication database. [ ] It contained customer and crowd names, company names, email addresses, encrypted (hashed) passwords, IP addresses, and historical login and log off times. A small percentage of records contained phone numbers.

Appen in Their Own Words

In the press release, Appen summarises in its own words the work the company undertakes: “with expertise in more than 180 languages, a global crowd of over 1 million skilled contractors, and the industry’s most advanced AI-assisted data annotation platform, Appen solutions provide the quality, security, and speed required by leaders in technology, automotive, financial services, retail, manufacturing, and governments worldwide. Founded in 1996, Appen has customers and offices around the world.”

Firefox Warning Popup – 5,000,000 Accounts Compromised

As of September 2020, Mozilla shows a popup warning when you visit the Appen website in the Firefox browser, indicating that the details of 5,000,000 Appen users have been accessed. The following is the warning on Firefox Monitor:

“On June 22, 2020, Appen was breached. Once the breach was discovered and verified, it was added to our database on July 30, 2020.”

Firefox Monitor Popup Warning September 2020

The Importance of the Firefox Appen Data Breach Warning

Why is this important? In transcription terms Appen is a larger-sized player working for a wide range of clients including academic and government institutions in the UK. Appen is also a large data collator working with the world of AI – their business appears to be focused on creating a huge online resource for training AI systems by providing large teams of home workers around the world to assist in the improvement and education of artificial intelligence systems.

Why is this Breach Significant?

The data breach is significant because one of the fundamental elements of transcription work when supplying government and academic institutions is the understanding that all data, which is very often extremely sensitive, cannot be accessed by third parties. The data security requirements of most tenders for work are usually quite onerous, as IT security tends to be a key concern for all our clients, who are understandably nervous about allowing data to be transferred to a third-party transcription business.

Smaller Companies – What’s the Relevance?

TP Transcription Limited is a much smaller company than Appen. We are Cyber Essentials, ISO 27001 and ISO 9001 accredited. We have secure systems in place, internet firewalls, our upload facilities are SSL secure and we offer all clients the use of encrypted emails. We are UK based, and all our transcribers are UK or Ireland based and British or Irish nationals. Our data remains in the UK at all times and we have a unique service available for all our university clients in that we have GDPR compliant servers based in the UK (which will remain EU GDPR compliant even after the UK leaves the EU).

Any Company, Any Size

Unfortunately, the breach that Appen have experienced shows that all companies of any size can be subject to exactly the same issues of security breaches and the potential for the compromise of data. Appen will have extensive levels of security and presumably invest huge amounts of time and money in protecting their systems. After the breach they have obviously followed their ISO 27001 procedures and according to their press release they have used an external cyber forensics company to sort out the breach and ensure their security is watertight again. As they are a listed company the breach has to be reported, which is why we have the information to hand as it is publicly available.

What Does the Appen Breach Teach Us?

The breach teaches us that you can never be complacent around the issue of IT Security. In the transcription & translation business it has to be fundamental to the day to day operations of any company as all our clients rely on the ability to securely transfer data for processing, regardless of whether the data is being altered from speech to text or written records.

A Permanent Record

Appen has indicated that it has ‘bolstered its security to prevent repeat or follow-on security incidents.’ However, it is currently left with the problem that whenever anyone visits parts of its website using the Firefox web browser, a warning pops up to say that the site has experienced problems with 5,000,000 accounts being compromised. There is not a lot Appen can do about Mozilla logging data breaches, and presumably in time the warnings will disappear.

A lesson for all transcription companies of any size – take IT security very seriously indeed…

Our Accreditations

We are Cyber Essentials Plus audited annually and we hold the Cyber Essentials and Cyber Essentials Plus certificates. We are UKAS ISO 27001:2022 audited and accredited, and an ISO 9001 & ISO 14001 systems accredited company. We are members of the American Translators Association and we are assessed for GDPR compliance annually by IASME (Cyber Assurance Level 1).
