A data breach has struck financial and risk advisory firm Kroll, exposing the personal data of select credit claimants, including those tied to struggling companies FTX, BlockFi, and Genesis Global Holdco.
This breach, flagged across social media platforms, is linked to a SIM-swapping attack that targeted a Kroll employee. The hackers managed to acquire the employee’s phone number, which enabled them to access certain files containing sensitive bankruptcy claimant information. Both FTX and BlockFi have confirmed that while the breach exposed limited and non-sensitive customer data, user passwords and client funds remain unaffected due to the lack of direct breaches within their systems.
Kroll swiftly took action following the attack. In a statement, the firm revealed that a threat actor had gained unauthorized access to files containing personal information of bankruptcy claimants from BlockFi, FTX, and Genesis. Kroll’s prompt response resulted in securing the affected accounts and notifying those individuals impacted by the breach.
Additionally, in the aftermath of the breach, individuals connected to the crypto firms reported receiving phishing emails. These malicious messages, masquerading as FTX communications, aimed to trick recipients into divulging the seeds that protect their cryptocurrency wallets.
CoinDesk editor Rob Mitchell shared details from Genesis regarding the breach, stating that the incident stemmed from a SIM swapping attack on a Kroll employee’s T-Mobile number. This allowed the attackers to bypass multi-factor authentication (MFA) and access files within Kroll’s cloud-based systems, containing vital information such as names, addresses, and debtor claim details.
Kroll, renowned for managing restructuring cases for numerous entities, has asserted that the breach’s impact is confined to the three mentioned crypto-investment companies and their creditors. The firm’s spokesperson assured that the breach was contained within these parameters, with no evidence of lateral movement or access to other Kroll user accounts or systems.