Crypto on-ramp firm Transak has reported a data breach affecting over 92,000 users. This was due to a phishing attack on an employee, which allowed the attacker to access personal information through a third-party Know Your Customer vendor system.
Incident Details
According to an Oct. 21 blog post by Transak, a phishing attack on one of the company’s employees enabled the attacker to gain access to their laptop. This allowed access to the system of a third-party Know Your Customer vendor used by Transak for document scanning and verification services. As a result, personal information including names, dates of birth, passports, driver's licenses and selfies of 92,554 users, or 1.14% of Transak's user base, were compromised. However, financial information was not breached.
Data Protection Measures
Affected users are being notified by Transak. The company stated that users who do not receive an email have not been affected. Additionally, data protection authorities in the United Kingdom and regulators across the European Union and the United States have been informed about the incident. Transak is currently cooperating with law enforcement for further investigation.
Other Data Breach Incidents
A similar incident occurred with Fidelity Investments, where the personal information of over 77,000 clients was compromised between August 17 and August 19. This was the fourth data breach for Fidelity within the past 12 months, with previous incidents occurring on March 4, March 18, and July 19.
The data breach incident at Transak serves as a reminder of the critical security measures that need to be implemented in the digital realm. Both users and companies must remain vigilant and proactively protect their data against such threats.