Transak, a cryptocurrency on/off-ramp service, confirmed on Oct. 21 that experienced a data breach affecting 1.14% of its users. A ransomware group claimed to have obtained sensitive data but Transak confirmed only limited information was accessed. The company said it is taking steps to address the incident and has contacted affected users and relevant authorities.
Hackers Threaten Data Leak Unless Ransom Paid
The cryptocurrency on/off-ramp service, Transak, said the recent breach on its platform affected only 1.14% of its user base, or 92,544 users. After detecting the incident, Transak immediately took steps to “contain the breach, secure our systems, and protect our users’ information.”
Transak‘s confirmation of the attack came just hours after a ransomware group claimed to have extracted more than 300 gigabytes of data in a phishing attack. The group said it released only a small portion of the data, which did not include sensitive information, but warned it would proceed to leak this data if failed to pay the ransom.
Must Read: ‘Human-layer’ cybersecurity and AI thwart data breaches
In a statement explaining the incident, it is to be said the attacker initially gained access to its platform through an employee’s laptop. According to Transak, only specific user information stored within the vendor’s dashboard was accessed by the attackers. Regarding the ransomware group’s threats to leak more sensitive information, Transak said:
After our thorough checks, we can confidently confirm that no financially sensitive information, including email addresses, phone numbers, passwords, credit card details, Social Security Numbers, or any other financial data, was compromised in any way. Our financial systems’ security measures remain robust, and we continue to protect all critical data, ensuring the highest level of privacy and security for our users.
Transak, which is reportedly used by platforms such as Metamask, Binance, and Trust Wallet, added that its platform is a “fully non-custodial platform.” This makes it impossible for third parties or the attackers to siphon user funds.
According to the statement, Transak has reached out to affected users and informed relevant data protection authorities in the United Kingdom, the European Union, and the United States.
Source: Bitcoin