Crypto on-ramp firm Transak has disclosed a recent data breach that affected over 92,000 users.
According to an Oct. 21 blog post, the company identified that a malicious actor gained access to an employee’s laptop through a phishing attack, giving them exposure to “specific user information stored within the vendor’s dashboard.”
The attacker compromised the employee credentials and was able to log in to the system of a third-party Know Your Customer vendor used for document scanning and verification services. Sensitive information such as names, dates of birth, passports, driver’s licenses and selfies of 92,554 users, or 1.14% of Transak’s user base, was compromised.
Transak offers a fiat-to-crypto gateway, enabling users to buy and sell digital assets using fiat money. It integrates directly with crypto wallets and decentralized applications (DApps) for transactions. The company provides non-custodial on-ramps for major crypto wallets and exchanges, such as Binance, MetaMask and Coinbase. According to Transak, no financial information was breached during the attack:
“After our thorough checks, we can confidently confirm that no financially sensitive information, including email addresses, phone numbers, passwords, credit card details, Social Security Numbers, or any other financial data, was compromised in any way.”
Affected users are being contacted by Transak. “If we do not email you, then you have not been affected,” said the company, adding that data protection authorities in the United Kingdom and regulators across the European Union and the United States have also been notified.
Another similar incident affected users of Fidelity Investments. The financial firm, one of the issuers of crypto exchange-traded products (ETPs), recently disclosed that a data breach compromised the personal information of over 77,000 customers between Aug. 17 and Aug. 19.
The incident was Fidelity’s fourth data breach over the last 12 months, with the others occurring on March 4, March 18 and July 19.
Magazine: 10 crypto theories that missed as badly as ‘Peter Todd is Satoshi’