Payment platform Transak has confirmed that third parties accessed data belonging to 92,554 customers, approximately 1.14% of its user base. The company emphasized that no critical financial information was compromised during the breach.
According to Transak, the incident occurred after a company employee fell victim to a phishing attack, which allowed attackers to gain access to the employee’s work laptop.
“Using the stolen credentials, the attacker accessed the KYC provider’s system that we use for document verification,” the platform’s representatives stated.
The breached data includes:
- Names;
- Dates of birth;
- Identity documents (passports, driver’s licenses, etc.);
- Client selfies.
“We can confidently state that financially sensitive information, such as passwords, email addresses, phone numbers, credit cards, and other critical details, was not compromised,” assured the security team.
While no misuse of the stolen data has been identified so far, Transak advises users to remain vigilant and monitor for suspicious activity. The company has pledged to send instructions on next steps to affected users.
Incident Response
Transak has engaged top cybersecurity experts to investigate the incident and mitigate its impact. Regulatory authorities in the UK, EU, and US have been notified.
In a comment to CoinDesk, Transak CEO Sami Start confirmed that the employee responsible for the breach has been dismissed. The extortion group Stormous later claimed responsibility for the incident.
🚨Cyberattack Alert ‼️
— HackManac (@H4ckManac) October 21, 2024
🇺🇸USA – Transak
Stormous hacking group claims to have breached Transak, a developer integration for a fiat-to-crypto payment gateway.
Allegedly, 300 GB of sensitive personal documents, including government-issued IDs, proof of address, financial… pic.twitter.com/edy856IfQZ
The group alleges that the stolen data exceeds 300 GB, including personal documents, proof of address, and financial reports.
Stormous also claims that data belonging to “over 1 million users,” including customers of other crypto platforms, has been compromised.
Transak’s Ecosystem
Transak’s platform integrates with major services such as MetaMask, Trust Wallet, Coinbase Wallet, Ledger, and Bitpay.
According to CoinDesk, Stormous is demanding $30,000 for the deletion of the data. However, Transak has stated that it will not negotiate with extortionists.
Related Incidents
In October, the Radiant Capital platform, supported by Binance Labs, lost over $50 million in a hack where attackers accessed keys to modify smart contracts.
Cryptol – your source for the latest news on cryptocurrencies, information technology, and decentralized solutions. Stay informed about the latest trends in the digital world.