A recent data breach at cryptocurrency payment processor Transak has exposed the personal information of more than 92,000 users after a hacker gained access to an employee’s laptop. The Miami-based firm confirmed the incident in a statement, emphasizing that while no financial data or critical information was compromised, sensitive personal details such as names, birthdays, passports, driver’s license information, and user selfies were leaked.
Transak is a major player in the crypto space, serving nearly six million users across 160 countries and 46 U.S. states. Its platform facilitates the buying and selling of more than 170 types of cryptocurrency and non-fungible tokens (NFTs), making this breach a significant event in the cryptocurrency world.
Details of the Breach
The breach was the result of a “sophisticated phishing attack” that granted the attacker access to one of Transak’s third-party vendors responsible for know-your-customer (KYC) processes. This vendor handles document scanning and verification, which explains how the exposed data included highly sensitive personal information used for identity verification. Transak, however, assured users that “no financially sensitive or critical information was compromised,” and reiterated that the breach affected only about 1% of its user base.
Despite the personal data leak, the company emphasized that user funds, whether in fiat currency or cryptocurrency, remain completely secure. Transak operates as a non-custodial platform, meaning it does not store or hold users’ assets. As such, users retain full control of their funds, ensuring no risk of financial loss due to this attack.
Threat of Ransomware and Data Theft
The Stormous ransomware group has claimed responsibility for the attack, asserting that it has stolen 300 gigabytes of data, which includes sensitive information such as government-issued IDs, proof of address, financial statements, and more. The group has threatened to sell or leak the stolen data if Transak does not meet their ransom demands.
So far, Transak has not disclosed when the breach took place or whether any communication has occurred between the company and the hackers. However, the company has taken swift action, hiring a cybersecurity firm to investigate the breach, identify how the attack occurred, and prevent further unauthorized access. Additionally, Transak has reported the incident to the U.K.’s Information Commissioner’s Office (ICO), as well as other regulatory bodies in the EU and U.S.
Growing Threats in the Crypto Space
This breach is yet another in a series of attacks on cryptocurrency-related companies, highlighting the growing cybersecurity risks in the sector. Just last week, decentralized finance platform Radiant Capital lost over $50 million worth of cryptocurrency due to a separate cyberattack. As cryptocurrency continues to gain popularity and adoption, the frequency and sophistication of these cyberattacks have also increased, driven by both cybercriminal organizations and state-sponsored actors.
Ongoing Investigation and User Notification
Transak has stated that they are contacting affected users directly via email and are in the process of notifying any impacted partners to maintain transparency. However, the company has not yet disclosed which specific partners were affected by the breach or how they were impacted. Users concerned about the breach are encouraged to reach out to Transak for further clarification.
This breach serves as a reminder of the ongoing vulnerabilities in the cryptocurrency space, particularly regarding third-party vendors and the risks associated with storing personal data for KYC processes. With the evolving nature of cyber threats, it is crucial for both companies and users to remain vigilant and prioritize strong security measures to protect personal and financial information.
Conclusion
As the investigation continues, it remains to be seen how Transak will address the full scope of the damage caused by the data breach. While no financial losses have been reported, the exposure of sensitive personal data is a significant concern for users and the broader cryptocurrency community. This breach underscores the need for continued improvements in cybersecurity practices, especially in an industry that is constantly targeted by both cybercriminals and hostile nation-states.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
