Text from CEO email to impacted users in February for October Breach:
Hello,
I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.
I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.
What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.
What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.
What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.
This sucks. I'm sorry. We will work very hard to make sure it does not happen again.
epsteingpt•1h ago
I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.
I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.
What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.
What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.
What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.
This sucks. I'm sorry. We will work very hard to make sure it does not happen again.
- Chris Best, CEO of Substack