Employee laptop hack leaves crypto firm customers exposed


Transak, a crypto payment platform, says that attackers hacked the laptop of one of its employees, accessing the details of over 92,000 customers.

In the latest case proving just how important access management is, an attacker breached a single laptop, accessing the details of tens of thousands of people. According to Transak, a threat actor gained “unauthorized access” to an employee’s computer thanks to a “sophisticated” phishing attack.

Once inside, the cybercrook was able to use the breached laptop to access a third-party KYC (know-your-customer) vendor that Transak utilizes for document scanning and verification services.

Transak is a so-called “fiat-to-crypto” gateway, allowing users to buy and sell digital assets using government-issued currency.

According to the company, attackers were able to log in to the KYC vendor’s dashboard and access users’ information, including:

  • Names
  • Dates of birth
  • ID documents, such as passports and driver’s licenses
  • User selfies

Transak notes that just over 1% of its total user base was affected. The crypto firm stressed numerous times that “no financially sensitive information,” including details like email addresses, phone numbers, passwords, credit card details, or Social Security numbers, was compromised in any way.

“Transak operates as a fully non-custodial platform, meaning that user funds – whether fiat or cryptocurrency – are never held by us and therefore remain completely secure and unaffected by any such attack,” the company said.

The crypto off-ramp said it would launch an investigation into the attack and contact users affected by the breach. The Information Commissioner’s Office (ICO) in the UK and other regulators across the EU and US were also notified about the attack.
