Transak, a company that offers fiat-to-crypto services, recently experienced a data breach that impacted over 92,000 users. The breach occurred due to a phishing attack on an employee’s laptop, which allowed unauthorized access to sensitive user information. The attackers used the employee’s credentials to breach a third-party vendor responsible for Know Your Customer (KYC) verification services.
As a result of the breach, personal details such as names, dates of birth, passport and driver’s license information, and selfies were compromised for 92,554 users, which represents 1.14% of Transak’s total user base. However, the company clarified that no financial information, such as email addresses, phone numbers, passwords, credit card details, or Social Security Numbers, was affected.
Transak provides non-custodial fiat-to-crypto gateways, enabling users to buy and sell digital assets through integrations with popular crypto wallets and decentralized applications. The company’s partners include prominent crypto platforms like Binance, MetaMask, and Coinbase.
In response to the breach, Transak has started reaching out to affected users and reassured others that they will only be contacted if their information was compromised. Additionally, the company has informed relevant authorities in the UK, EU, and the US about the incident.
This data breach incident at Transak underscores the persistent security challenges faced by the cryptocurrency industry, particularly in relation to phishing attacks targeting employees to gain unauthorized access to user data. It serves as a reminder of the importance of robust cybersecurity measures in safeguarding sensitive information in the digital age.
