Today I noticed a new starred board in my Trello account called Incidents. Thinking it was something our support team had set up after dealing with an AWS outage this morning, I clicked.
Nope.
It was an old board from a company I used to work with that had been renamed, repurposed, and inadvertently made public. Because I had starred it years ago, it reappeared in my list.
Worse, the first card on the board detailed an incident in which they were on an online call with a client. A different client had been given the same link, joined, and listened to some of their call… which was discussing the first client’s GDPR strategy.
It’s data breaches all the way down.
Not a great look for an agency that advertises GDPR compliance and data security as a service.
(I emailed the CEO to report what I’d found. To his credit, within 30 minutes he replied to me and made the Trello board private again.)