Cybersecurity breach at Kroll leaks FTX, BlockFi bankruptcy claimants’ data
FTX warned its community to be wary of bad actors who might try to capitalize on the incident.
Bankruptcy claims agent Kroll has suffered a cybersecurity incident that compromised the personal information of some FTX customers.
FTX officially confirmed the cybersecurity incident on social media platform X in an Aug. 25 post. As per the firm, the breach exclusively impacted non-sensitive customer data belonging to certain claimants involved in the company’s bankruptcy case.
The bankrupt exchange did not provide additional information about the impacted claimants. However, it assured the community that Kroll was directly notifying the impacted claimants of measures they could take to protect themselves.
FTX said:
“Kroll has assured the FTX [claimants] that it promptly contained and remediated the incident, and the FTX [claimants] are closely monitoring the situation.”
Meanwhile, FTX advised its users to be alert for any scam or fraud emails that might impersonate parties in the bankruptcy.
What happened?
While the public posts from the bankrupt firm claimed that the data compromise was from a security incident, an email sent to FTX claimants explained that the hackers gained control of the phone number of a Kroll employee and used that to access files stored in the company’s cloud.
The email did not specify when Kroll discovered the incident but stated that it promptly secured the affected account and launched investigations. The email further revealed that the compromise led to the release of the bankrupt clients’ name, address, email address, and FTX account balance.
BlockFi also affected
Another bankrupt crypto firm, BlockFi, revealed that the breach affected it.
According to the failed crypto lender, Kroll confirmed that there was unauthorized access to the data of some of its clients on the claims administration platform. However, the incident did not affect its internal systems and client funds.
“We can also confirm that BlockFi account passwords were never stored on Kroll’s platform. The incident occurred at Kroll and we are notifying you directly so that you can take actions to further protect yourself.”
The bankrupt lender also provided steps for users to protect themselves from third-party bad actors.