Customer data compromised in Kroll cyberattack
Kroll, a third party agent that gathers creditor claims on behalf of bankrupt companies and consults clients on cybersecurity, has suffered a hack.
Kroll, which is facilitating claims for insolvent companies FTX, BlockFi, and Genesis, has confirmed that one of its employees was the victim of a “highly sophisticated” SIM-swapping attack.
Hackers allegedly stole the Kroll employee's phone number and used it to gain access to some files with the personal data of bankruptcy claimants, the firm said. Three accounts of the aforementioned crypto companies were affected, with FTX and BlockFi confirming the incident on X.
“FTX has taken the precautionary measure of temporarily freezing affected user accounts within the customer claims portal,” said FTX.
The nature of exposed data is not explicitly mentioned. But the two companies said that user passwords and client funds haven’t been impacted as neither FTX’s nor BlockFi’s systems were directly breached.
Kroll said in a statement that a cyber-threat actor targeted a T-Mobile account belonging to a Kroll employee.
The firm stressed that T-Mobile, “without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor's phone at their request.”
Kroll also said that it will never ask its customers to provide their password over email, text message, or over the phone. The company will also never provide other identifying information such as a birthday date or a social security number, over email, phone, or social media.
This kind of reminder is timely because several people related to the crypto companies’ pending bankruptcy cases have already received phishing emails. Some are shared on social media:
In most cases, the messages impersonate FTX and claim that the recipient is eligible to begin withdrawing digital assets from their accounts. Quite obviously, these messages aim to phish people’s seed phrases that protect their cryptocurrency wallets, and to then empty them.
According to the company, it’s cooperating with the US Federal Bureau of Investigation and a full investigation is underway. Kroll has no evidence to suggest that other Kroll systems or accounts were impacted.
It’s quite ironic that Kroll, which has just suffered a hack, also promotes a cybersecurity consultancy service, involving “elite cyber risk leaders uniquely positioned to deliver end-to-end cyber security services worldwide.”
More from Cybernews
Subscribe to our newsletter