Kroll’s hacking incident might have claimed more than non-sensitive data, as initially reported.
The data breach that Kroll, the claims agent in FTX’s bankruptcy, suffered is allegedly more serious than initially reported, involving sensitive customer data.
According to a FAQ sheet that appeared on X (formerly Twitter), information like names, mailing and email addresses, phone numbers, FTX account numbers and the balance in those accounts was potentially leaked.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is Polkadot in Crypto? (DOT Animated Explainer)
Initially, on August 25th, FTX stated that the incident only impacted non-sensitive customer data of certain claimants, while Kroll reported that immediate actions were taken to secure the affected accounts.
Kroll also notified the affected users directly, with both companies maintaining that no crucial information had been stolen. However, the published FAQ highlighted some of the potentially sensitive data that could severely impact the users.
The leak was caused by a SIM swapping attack when the hacker used T-Mobile to transfer a Kroll employee’s phone number into his own phone.
As a result, it appears the threat actor gained access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis.
In the initial messaging, FTX assured the users that their passwords were safe because they were kept on FTX’s systems. However, the aforementioned information apparently was available to Kroll due to the companies’ relationship in the bankruptcy case.
Kroll and FTX then urged the users to be cautious of possible scams related to the incident. Soon after, there were reports that users received suspicious emails claiming to be from FTX and promising to give back their funds if the users followed specific instructions.
Phishing attacks against crypto enthusiasts are increasing in frequency and notoriety. In June, 8 X accounts of notable crypto figures were hacked, which ultimately saw $1 million in cryptocurrencies stolen.
