Transak, a fiat-to-cryptocurrency services company, has reported a major data breach affecting over 92,000 users.
The company said in an Oct. 21 update that the breach stemmed from a phishing attack that targeted employee laptops, leading to unauthorized access to sensitive user information.
According to Transak, the attackers used employee credentials to compromise a third-party vendor responsible for know-your-customer (KYC) verification services.
As a result, personal information such as names, dates of birth, passport and driving license information, and selfies were compromised for 92,554 users, representing 1.14% of the company's total user base.
Despite the leak of personal data, Transac stressed that no financial details were compromised. According to the company,
“Sensitive financial information such as email addresses, phone numbers, passwords, credit card details, and social security numbers were not affected.”
Transak provides a non-custodial fiat-to-cryptocurrency gateway, allowing users to buy and sell digital assets through integration with popular cryptocurrency wallets and decentralized applications. Its partners include major crypto platforms such as Binance, MetaMask, and Coinbase.
The company has begun contacting affected users and assured others that it will only contact them if their information has been compromised. Transac also notified the relevant authorities in the UK, EU and US of this breach.
The Transak breach highlighted ongoing security challenges in the cryptocurrency industry, including phishing attacks that specifically target employees to gain unauthorized access to user information.
mentioned in this article