The FTX bankruptcy claims agent reportedly confirmed that users’ personal data were leaked, contrary to earlier claims.
It appears that a data breach involving FTX bankruptcy claims agent Kroll has resulted in the leak of sensitive information, contrary to earlier reports.
In an alleged Kroll Q&A summary published on Aug. 30, FTX users’ email addresses, mailing addresses, account numbers, unique bankruptcy identifiers, account balances, phone numbers and other claim details were all reportedly breached in a cybersecurity incident that FTX revealed on Aug. 24. Previously, FTX wrote that Kroll “experienced a cybersecurity incident that compromised non-sensitive customer data of certain claimants in the pending bankruptcy case."
Kroll Data Leak Urgent— Sunil (FTX Creditor Champion) (@sunil_trades) August 30, 2023
Kroll email (25 Aug) saying that name, address, email address, and the balance in FTX account was leaked
On Kroll's Q&A they state the information leaked is the above +
FTX account no., Unique ID and Phone numbers
Creditors Please be Safe pic.twitter.com/HaYhttZLAs
Immediately after the incident, FTX said account passwords were not maintained by Kroll and that the firm’s own systems, along with its digital assets, were not affected. A day later, the bankrupt exchange said it would temporarily freeze the accounts of affected customers within the claims portal.
According to the report, Kroll has since “contained and remediated” the incident. However, it warned that users should remain on “high alert” for "fraud and scam” attempts that appear legitimate via the stolen data. Shortly after the breach, multiple users began reporting phishing emails disguised as being from Kroll.
New rounds of phishing attacks already underway for the poor users of FTX, BlockFi, Genesis, as a result of the Kroll data leak, which seems to be a result of a SIM swap on an employee.♂️— CZ Binance (@cz_binance) August 27, 2023
Learn to protect yourself. Learn about phishing attackshttps://t.co/AtcevQciVR pic.twitter.com/pbHFnhsArK
FTX had over 1 million users at the time of its bankruptcy filing last November. On Nov. 12, 2022, just one day after its bankruptcy announcement, FTX was hacked for nearly $400 million in an alleged inside job, sparking an investigation by the U.S. Department of Justice. The bankruptcy proceeding has come under fire for its length and cost, with over $32.5 million spent on legal fees in February alone.
Cointelegraph contacted Kroll for comments but did not receive a response in time for publication.