Arlo|Smart Home Security|Wireless HD Security Cameras

Edinburgh_lad1
Mentor

So, we got this email saying that there's been a personal data breach at Arlo. I found the email vague. Was there a personal data breach or not? Was any of my data leaked? If there was no evidence of unauthorised access, as the email claims, why is this classified as a personal data breach? The word 'breach' suggests to me that it was indeed breaking/violation/opening. The email also says that as a user, I'm not "adversely" affected by this data breach.


6 REPLIES
StephenB
Guru

@Edinburgh_lad1 wrote:

So, we got this email saying that there's been a personal data breach at Arlo. I found the email vague. Was there a personal data breach or not? Was any of my data leaked? If there was no evidence of unauthorised access, as the email claims, why is this classified as a personal data breach? The word 'breach' suggests to me that it was indeed breaking/violation/opening. The email also says that as a user, I'm not "adversely" affected by this data breach.


@ittroll posted the text here:

My assessment of what it means follows his post. Based on the wording in his post, I don't believe anything was actually leaked.

The "security incident" was the login outage back in 6-7 May which resulted in loss of access to your personal information.

A security incident that results in loss of access is included in the GDPR definition of "personal data breach". The GDPR requires Arlo to notify you of such incidents, and I believe the language used in their communication was to make it clear that it was the notification that the law requires. They acknowledge (and apologize for) the loss of access, and go on to say that - despite the "data breach" language - there was no compromise of your data.

Calling the login outage a "security incident" is interesting, as it suggests that the service was taken down by a cyberattack.

Edinburgh_lad1
Mentor

Indeed. It's alarmist.

StephenB
Guru

@Edinburgh_lad1 wrote:

Indeed. It's alarmist.


If it sounds alarmist to you, then I think that is really on the GDPR, not Arlo.

The GDPR requires notification whenever a security incident results in a personal data breach (as defined in the law itself, not what you might think a "security incident" or "personal data breach" is). The language Arlo chose ensured that there is no doubt that they are in full compliance with the GDPR - particularly important for a US company operating in Europe.

That said, I suspect the "loss of access" in the GDPR definition is intended to cover ransomware attacks where the data is encrypted by the attacker, but not compromised (since the attacker never gets it). Even if the company manages to decrypt it (for instance by paying the ransom), they are still required to notify you of the attack. But there are other possibilities (like a DDOS attack) that could also be classified as "security incidents".

JamesC
Community Manager

On May 19th, some users received an email as mandated by EU’s GDPR requirements that may have caused some confusion. To help clarify, there was a short outage where some users temporarily were unable to log in but no data was compromised and there was no unauthorized access to data. Your account and information remain secure.

Thanks,

Arlo Team

rsmith6121
Tutor

Because of this incident, I'm actually thinking about moving my cameras out of the Arlo cloud. Arlo has been steadily increasing the subscription price while not really improving their service quality, customer service or even the overall cloud security; hence the breach/server outage. All the reasons given in the following video, to cancel Arlo's subscription plan and switch to a basestation/smarthub, are spot on, in my opinion: YouTube Video

Edinburgh_lad1
Mentor

Unfortunately, I have to agree with you.