Transak, a leading crypto payment services provider, has disclosed a significant data breach affecting over 92,000 users, which was revealed on October 21, 2024. The breach stemmed from a sophisticated phishing attack that compromised an employee’s laptop, resulting in the exposure of sensitive personal information. According to the company, the compromised data includes names, dates of birth, passport details, driver’s license information, and selfies submitted for Know Your Customer (KYC) verification. Fortunately, Transak confirmed that no financially sensitive information, such as bank statements or credit card details, was accessed during the incident.
In response to the breach, Transak’s CEO, Sami Start, emphasized the steps taken to mitigate the impact. The company has engaged leading cybersecurity firms and forensic experts to conduct a thorough investigation into the incident. Additionally, Transak has begun notifying the affected users and is implementing enhanced security protocols. The firm is also collaborating closely with its third-party KYC vendor to identify and rectify the vulnerabilities that were exploited during the attack. Notably, the employee linked to the security incident has since been terminated.
The ransomware group Stormous has claimed responsibility for the breach, asserting that it has obtained over 300 gigabytes of user data. The group has threatened to leak or sell the remaining data if its demands are not met. However, Transak has firmly stated that it will not engage in negotiations with the ransomware group, prioritizing the security of its users and the integrity of its operations. The incident has raised serious concerns about the security practices of cryptocurrency firms, particularly regarding their handling of sensitive user data.
As the investigation unfolds, Transak has assured its users that their funds remain secure due to the company’s non-custodial model. The firm has also notified relevant UK, EU, and US data protection authorities about the breach. This incident follows a troubling trend of data breaches in the crypto and finance sectors, including a recent attack on Fidelity Investments that exposed personal data of over 77,000 customers. Transak is committed to enhancing its security measures, which will include improved employee training, software upgrades, and systems improvements to safeguard against future phishing and social engineering attacks. As the crypto community watches closely, the outcome of this incident may influence user trust and prompt stricter regulations within the cryptocurrency sector.