Cybersecurity is more than just protecting systems and data. It's about protecting people.
Well, here's a perfect example of what happens when you don't get that right.
"Tea Dating Advice" was having the week of their lives. The app hit #1 in Apple's App Store with over 2 million users in just days.
Women were flocking to the app to share warnings about dangerous men, run background checks, and support each other in dating safely.
Then everything fell apart.
On Friday, cyber attackers leaked 72,000 images from the app's servers. That included 13,000 selfies and photo IDs that women submitted for verification.
Sounds bad, right? It's worse than that.
The company promised users that verification selfies would be "deleted immediately" after authentication. Instead, they stored them in a way that was so insecure, 4chan users didn't even need to hack anything. They just walked right in.
Then, almost right away, a second breach exposed 1.1 million private messages. Women had shared details about rapes, abortions, and abusive relationships. Some included their phone numbers because they were seeking support from other women.
Now thousands of women who were trying to protect themselves from dangerous men are now in danger because they trusted, not an app, but the people running the app.
Their excuse? They kept the data "in accordance with law enforcement requirements related to cyber-bullying investigations."
When asked for details about this policy, they refused to explain.
Look, I get that startups move fast and break things. But when you're dealing with women's safety data, you can't afford to break anything.
This isn't just a privacy violation. It's a betrayal of trust that could put real people in physical danger.
The Tea app founder said he created it because his mother had "terrifying" encounters with men using false identities. And now his app has now left thousands of women exposed to the exact kind of danger it was supposed to prevent.
Here's what this teaches us about cybersecurity:
When you're handling sensitive personal data, especially safety-related information, you have to assume breach from day one. That means minimizing data collection, encrypting everything, and actually deleting data when you say you will.
Your privacy policy isn't just a checkbox. It's your promise to real people who are trusting you with their most vulnerable information.
And if you're going to store sensitive data for "law enforcement purposes," you better have rock-solid security controls and be transparent about your retention policies.
The women who used Tea were already dealing with unsafe situations. The last thing they needed was for their source of safety to become another source of danger.
What's one thing you're doing differently to make sure your organization doesn't betray the trust of vulnerable people? Let me know in the comments below.
This article appeared originally on LinkedIn here.