Third-Party Data Breach Hits BlockFi And FTX

Third-Party Data Breach Hits BlockFi And FTX

There was a data breach at third-party agent Kroll, which manages creditor claims for bankrupt firms, causing customer data of lending platform BlockFi and crypto exchange FTX to be exposed.

The announcement

The announcement of the data breach was made by FTX on X, formerly called Twitter, where it said that non-sensitive customer data had been compromised in the pending bankruptcy case after the Kroll breach.

The post said that since Kroll had been breached, it was directly notifying the individuals affected and would inform them about measures they could take to protect themselves.

The exchange said that Kroll did not maintain the account passwords of its users and the incident did not have any impact on the FTX system.

The crypto exchange added that Kroll had reassured all debtors that the incident had been promptly controlled and remediated and the situation was now being closely monitored.

BlockFi also made a similar announcement of the breach and shared the email that it was sending to its users to inform them about the said breach.

The incident

According to BlockFi, the breach had happened on August 23rd, Wednesday and Kroll had confirmed that a portion of its clients’ data had been accessed by an unauthorized third party.

This included the data of some of the BlockFi clients that were stored on the platform. Even though sensitive crypto information and passwords are purportedly protected, the breach caused concerns.

Both BlockFi and FTX expressed concerns about the misuse of the other personal data of their clients and possible phishing attempts.

Warnings were issued by the two companies to their customers and they were advised to maintain caution and be wary of potential fraudulent or scam communications.

They also warned that these parties could pose as entities part of the bankruptcy proceedings to exploit the users.

More details

The email from BlockFi said that other crypto platforms that have been undergoing bankruptcy recently had also faced similar incidents.

It said that in the next few weeks, all users can expect to see a rise in spam phone calls and phishing attempts.

It further warned that neither BlockFi, nor Kroll, would ever contact any user to ask them about their personal information.

Not only does Kroll manage creditor claims of companies undergoing bankruptcy, but it also offers a variety of services.

Other than bankruptcy management, companies can also use Kroll for its cybersecurity consultancy services.

Some of the other clients of the company include Genesis, the crypto lender, which is a subsidiary of the Digital Currency Group.

In January this year, Genesis had also filed for bankruptcy and is using Kroll’s services, but it was not hit by the breach.