In a shocking revelation, Transak, a Miami-based fiat-to-crypto payment gateway, announced today that it had suffered a data breach affecting over 92,000 users. Notably, this crypto firm is the one that platforms like MetaMask, Trust Wallet, Coinbase, and Ledger. 

A Phishing Attack Unveiled

Transak reported that the breach originated from an attack on an employee’s laptop. The hacker exploited compromised credentials and gained entry into the system of a third-party Know Your Customer (KYC) vendor. 

The firm said it employed the vendor for document scanning and verification services.

The attacker continued beyond the initial point of access but extended their reach into sensitive areas of the company’s operations. This news has raised concerns about the integrity of user data across the platform.

The notorious Stormous ransomware gang has claimed responsibility for the breach. The bad actors boast that they have stolen 300 gigabytes of data from Transak. 

This includes sensitive documents such as IDs, addresses, financial statements, and selfies collected during the KYC onboarding process. 

Reportedly, the group is responsible for previous high-profile hacks. This  includes the breach of Fractal ID, a decentralized identity system used for Web3 projects.

This breach highlights the growing threat of cybercriminals using advanced tactics to attack organizations. 

Transak Confirms Data Breach, Assures Financial Safety

Unfortunately, the breach has compromised sensitive personal data, including names and other personally identifiable information (PII). 

Nonetheless, Transak has reassured its over 5 million users that no financial data, such as Social Security numbers or credit card details, was accessed. 

Transak’s CEO Sami Start emphasized the company’s commitment to user safety in a press release. He assured the affected users that the company is taking immediate action.

In a bid to contain the damage, the company has also engaged law enforcement and informed data protection authorities. This includes the Information Commissioner’s Office (ICO) in the UK.

Despite the news of no financial data breaches brought relief, users who rely on Transak’s services are still concerned about the exposure of the PII. 

Vigilance is Key for Affected Users

Phishing attacks and scams on crypto firms are increasing, with hackers using fake emails and websites to steal sensitive data and access wallets. As the crypto industry grows, these attacks become more advanced, highlighting the need for better security.

In light of this recent incident, Transak advises affected users to remain vigilant and monitor for suspicious activity. The company plans to provide guidance and resources to help users protect themselves from potential misuse of their information, including identity monitoring services.

The post Transak Reportedly Falls Victim to Phishing Attack appeared first on TheCoinrise.com.