A security vulnerability was identified in the Authy phone change process that could expose personal data of less than 0.2% of users who changed their phone number since February 2014. The Authy team moved records to a secure location, implemented data protection methods, and sent email notifications to potentially affected users offering identity protection services. The Authy API and authentication services were unaffected by the vulnerability.