Crypto on-ramp service provider Transak today disclosed a data breach that impacted more than 92,000 users.
In a blog post, the company explained that the breach occurred after a phishing attack allowed a malicious actor to access an employee’s laptop. This granted the attacker access to specific user data stored within a third-party vendor’s dashboard.
The compromised data includes sensitive personal information like names, dates of birth, passports, driver’s licenses, and selfies from 92,554 users, which represents about 1.14% of Transak’s total user base. The breach occurred through the system of a Know Your Customer (KYC) vendor used for document scanning and verification services.
Transak, which provides a fiat-to-crypto gateway integrated with major crypto wallets and decentralized applications, assured users that no financial information was exposed during the breach. The company confirmed that details like passwords, credit card information, phone numbers, and Social Security numbers were not compromised.
Impacted users are being notified via email, while unaffected users are reassured that they will not receive any communication. Data protection authorities in the UK, EU, and US have also been informed.
This incident follows a similar breach at Fidelity Investments, where the personal data of over 77,000 customers was exposed between August 17 and August 19.
Cybercriminals breached the asset manager’s network, accessing sensitive information like names, Social Security numbers, financial account details, and driver’s license information.
A Tennessee resident accused Fidelity of delaying notification to customers, stating the company failed to disclose the breach “for several weeks” after it happened. The proposed class action lawsuit claims negligence, breach of implied contract, and unjust enrichment, seeking compensation for litigation costs and financial relief.
The lawsuit also demands that Fidelity improve its security measures, such as segmenting customer data, halting the transmission of personal information via unencrypted emails, hiring third-party auditors, and employing internal security personnel to conduct regular tests.
OpenAI, the creator of ChatGPT, and telecom giant AT&T have both faced data breaches this year. In AT&T’s case, over 100 million customers were impacted.
