bitcoin
Bitcoin (BITCOIN)
$101,584 -3.18%
ethereum
Ethereum (ETHEREUM)
$3,263 -2.02%
binancecoin
BNB (BINANCECOIN)
$685.05 -3.40%
solana
Solana (SOLANA)
$241.00 -5.62%
ripple
XRP (RIPPLE)
$3.09 -4.65%
shiba-inu
Shiba Inu (SHIBA-INU)
$0.000020 -9.99%
pepe
Pepe (PEPE)
$0.000016 -15.53%
bonk
Bonk (BONK)
$0.000029 -13.43%
bitcoin
Bitcoin (BITCOIN)
$101,584 -3.18%
ethereum
Ethereum (ETHEREUM)
$3,263 -2.02%
binancecoin
BNB (BINANCECOIN)
$685.05 -3.40%
solana
Solana (SOLANA)
$241.00 -5.62%
ripple
XRP (RIPPLE)
$3.09 -4.65%
shiba-inu
Shiba Inu (SHIBA-INU)
$0.000020 -9.99%
pepe
Pepe (PEPE)
$0.000016 -15.53%
bonk
Bonk (BONK)
$0.000029 -13.43%
bitcoin
Bitcoin (BITCOIN)
$101,584 -3.18%
ethereum
Ethereum (ETHEREUM)
$3,263 -2.02%
binancecoin
BNB (BINANCECOIN)
$685.05 -3.40%
solana
Solana (SOLANA)
$241.00 -5.62%
ripple
XRP (RIPPLE)
$3.09 -4.65%
shiba-inu
Shiba Inu (SHIBA-INU)
$0.000020 -9.99%
pepe
Pepe (PEPE)
$0.000016 -15.53%
bonk
Bonk (BONK)
$0.000029 -13.43%
Disclosure
Cryptocurrency trading is speculative and your capital is at risk when you trade. We may earn affiliate commissions from some of the products on this page - at no extra cost to you.
Transak Reports Security Breach Affecting Over 92K Users After Phishing Attack

Highlights:

  • Transak reports a security breach affecting 92,554 users after a phishing attack on an employee’s laptop
  • However, no financial data was compromised, unlike personal information such as IDs, passports and selfie snapshots.
  • Transak has contacted authorities and is working to protect affected users and improve future security.

Transak, a cryptocurrency on-ramp service, revealed it suffered a security breach affecting 92,554 users. This was followed by phishing that penetrated an employee’s laptop and gained unauthorized access to sensitive personal data held by a third-party Know Your Customer (KYC) vendor. According to Transak’s official statement on October 21, the attacker exploited the employee’s credentials to access user information.

Advertisement

Banner

The compromised data included names, dates of birth, passports and driver’s licenses, and selfies taken to verify accounts. Transak, however, assured the users that there were no damages caused to financial data, for example, credit card details, Social Security number and email addresses. The company also confirmed that its non-custodial nature means users retain full control over their assets, ensuring funds were never at risk.

Phishing Attack Triggers Security Incident

The breach was traced to a phishing attack targeting one of Transak’s employees. This allowed a malicious actor to gain access to the employee’s laptop and, subsequently, to the system of a third-party KYC vendor used for document verification services. Through this unauthorized access, the attacker exposed the personal details of approximately 1.14% of Transak’s user base.

So far there is no evidence of data misuse. However, the incident has raised concerns about the vulnerability of third-party systems in the cryptocurrency industry. Transak immediately contacted affected users and notified data protection authorities in the UK, European Union and the United States. Users who were not affected will not be contacted, the company confirmed.

Stormous Ransomware Group Claims Responsibility

The Stormous ransomware group claimed responsibility. Moreover, they said they acquired 300 gigabytes of sensitive data, including personal documents used in the KYC process. It reportedly stated that some of the leaked data is online. Transak has not negotiated with the group, which demanded a ransom to prevent the release of further stolen information.

In response to the breach, Transak has committed to improving its security measures to prevent future incidents. The company plans to enhance employee training and strengthen its systems to guard against phishing attacks and other forms of social engineering.

Response and Ongoing Investigation

Transak responded to the breach by contacting a leading cybersecurity and forensic firm to investigate the incident. The company has also taken stronger security measures to prevent future phishing attacks. Some of these improvements include adding employee training, upgrading software defenses, and restricting access to sensitive systems.

Additionally, Transak is contacting affected users, asking them to remain cautious and watch for any suspicious activity. The company has offered users resources like identity monitoring that may help them guard against the misuse of their personal information.

However, Transak said its financial systems remained secure despite the breach, and no financial data was compromised during the attack. The firm operates a fully non-custodial platform, which means Transak never has users’ assets while they are always in total control of them.

The incident comes after a data breach at Fidelity Investments exposed personal information of over 77,000 customers. In addition, Tapioca DAO has offered a $1M bounty following the October 18 security breach, which led to a $4.7 loss. These breaches spotlight companies’ ongoing struggles to guard information regarding clients as well as guard users’ assets in the crypto and finance areas.

Advertisement

Banner

Advertisement

Banner

Advertisement

Banner