Transak reported a data breach affecting over 92,000 users due to a phishing attack on an employee’s laptop, exposing user data.
The cryptocurrency on-ramp company Transak has revealed that it has had a data breach that has affected more than 92,000 users. The organization discovered that a hostile actor had gotten access to an employee’s laptop through a phishing attempt, which allowed them to gain access to “specific user information stored within the vendor’s dashboard.
The organization revealed this information in a blog post on October 21. In addition to gaining access to the system of a third-party Know Your Customer provider that was utilized for document scanning and verification services, the attacker was able to gain access to the employee credentials that were compromised.
The attacker compromised the personal information of 92,554 people, representing 1.14% of Transak’s user base. This information included names, dates of birth, passports, driver’s licenses, and selfies submitted by the users.
By providing a gateway that converts fiat currency to cryptocurrency, Transak enables customers to buy and sell digital assets using fiat currency. For the purpose of conducting transactions, it interacts directly with cryptocurrency wallets and decentralized applications (DApps).
The company offers non-custodial on-ramps for investors to use major cryptocurrency wallets and exchanges such as Binance, MetaMask, and Coinbase. Transak stated that there was no breach of any financial information during the incident. Transak is currently contacting the affected users.
“After our thorough checks, we can confidently confirm that no financially sensitive information, including email addresses, phone numbers, passwords, credit card details, Social Security Numbers, or any other financial data, was compromised in any way.”
In the event that we do not send you an email, then you have not been affected,” the business stated, adding that the data protection authorities in the United Kingdom as well as regulators from the European Union and the United States have also been contacted. Another incident of a similar nature affected users of Fidelity Investments.
The financial institution, one of the cryptocurrency exchange-traded product (ETP) issuers, recently announced that a data breach between August 17 and August 19 compromised the personal information of over 77,000 consumers. The incident was the fourth data breach that Fidelity has experienced over the course of the past year, with the previous three incidents occurring on March 4, March 18, and July 19.
