Transak hit with data breach affecting 1.14% of its user base
Transak provides non-custodial fiat-to-crypto gateways, allowing users to buy and sell digital assets via integrations with popular crypto wallets and decentralized applications
Transak, a company providing fiat-to-crypto services, has reported a significant data breach affecting more than 92,000 users.
In an Oct. 21 update, the firm revealed that the breach stemmed from a phishing attack targeting an employee’s laptop, leading to unauthorized access to sensitive user information.
According to Transak, the attackers exploited the employee’s credentials to infiltrate a third-party vendor responsible for Know Your Customer (KYC) verification services.
As a result, personal details — including names, dates of birth, passport and driver’s license information, and selfies — were compromised for 92,554 users, representing 1.14% of the company’s total user base.
Despite the exposure of personal data, Transak emphasized that no financial details were compromised. According to the firm:
“No financially sensitive information, such as email addresses, phone numbers, passwords, credit card details, or Social Security Numbers, was affected.”
Transak provides non-custodial fiat-to-crypto gateways, allowing users to buy and sell digital assets through integrations with popular crypto wallets and decentralized applications. Among its partners are major crypto platforms such as Binance, MetaMask, and Coinbase.
The company has begun contacting affected users, assuring others that they will only be contacted if their information is compromised. Transak has also informed relevant authorities in the UK, EU, and the US about the breach.
The Transak breach highlights ongoing security challenges in the crypto industry, particularly with phishing attacks that target employees to gain unauthorized access to user information.