FTX and BlockFi Hit by Third-Party Data Breach, Exposing User Data
Kroll, a third-party agent responsible for managing creditor claims for bankrupt companies, has been hit by a data breach, leading to the compromise of customer data from crypto exchange FTX and lending platform BlockFi.
FTX took to X–formerly known as Twitter–to announce that Kroll experienced “a cybersecurity incident that compromised non-sensitive customer data of certain claimants in the pending bankruptcy case.”
“The incident occurred at Kroll, and Kroll is notifying affected individuals directly with measures that customers can take to protect themselves,” the post reads.
According to the exchange, its users’ account passwords were not maintained by Kroll, and FTX’s own systems were not affected by the incident.
“Kroll has assured the FTX Debtors that it promptly contained and remediated the incident, and the FTX Debtors are closely monitoring the situation,” added the exchange.
In a similar manner, BlockFi announced a similar breach, sharing the email the firm is sending out to inform users.
BlockFi said that the incident occurred on Wednesday, August 23, and that Kroll confirmed “an unauthorized third party gained access to a portion of its client data, including certain BlockFi client data housed on its platform.”
Decrypt has reached out to Kroll for comments and will update this article should we hear back.
FTX, BlockFi raise security concerns
Although passwords and sensitive crypto account information are purportedly protected, both FTX and BlockFi raised concerns about potential phishing attempts and the misuse of other personal data.
Both companies issued warnings to their customers, advising them to be cautious of potential scams or fraudulent communications from parties posing as entities involved in the bankruptcy proceedings.
“Similar incidents have impacted other crypto platforms in bankruptcy recently. In the following weeks, you should expect an uptick in phishing attempts and spam phone calls,” reads BlockFi’s email. “BlockFi and Kroll will never call, email, or text you to ask you for your personal information.”
Aside from managing creditor claims for bankrupt companies, Kroll is offering a range of services beyond bankruptcy management, including a cybersecurity consultancy.
Among the company’s clients is also crypto lender Genesis, the subsidiary of Digital Currency Group, which filed for bankruptcy in January. Genesis didn’t immediately respond to Decrypt’s request for comment.