Transak, a crypto on-ramp firm, has recently revealed that it experienced a data breach that impacted more than 92,000 users. In a blog post on October 21, the company stated that a malicious actor gained unauthorized access to an employee’s laptop through a phishing attack, resulting in exposure to specific user information stored on the vendor’s dashboard.
The attacker was able to compromise the employee’s credentials and gain entry into a third-party Know Your Customer vendor’s system, which is used for document scanning and verification services. As a result, sensitive information such as names, dates of birth, passports, driver’s licenses, and selfies of 92,554 users, accounting for 1.14% of Transak’s user base, was compromised.
Transak is a fiat-to-crypto gateway that allows users to buy and sell digital assets using fiat money. It seamlessly integrates with crypto wallets and decentralized applications (DApps) for transactions. The company offers non-custodial on-ramps for major crypto wallets and exchanges, including Binance, MetaMask, and Coinbase. Fortunately, no financial information was breached during the attack, according to Transak.
Transak has taken immediate action to address the breach and is in the process of notifying affected users. The company emphasized that if users have not received an email from Transak, they have not been affected. Additionally, data protection authorities in the United Kingdom, as well as regulators across the European Union and the United States, have been informed about the incident.
This data breach is reminiscent of a similar incident that occurred at Fidelity Investments, a financial firm that issues crypto exchange-traded products (ETPs). Fidelity recently disclosed that the personal information of over 77,000 customers was compromised between August 17 and August 19. It is worth noting that this is the fourth data breach that Fidelity has experienced in the past year, with previous incidents occurring on March 4, March 18, and July 19.
In conclusion, data breaches pose significant risks to both individuals and companies operating in the crypto industry. It is crucial for companies to implement robust security measures and educate employees about the dangers of phishing attacks to prevent such incidents from occurring.