Fractal ID, a blockchain identity platform, reported a data breach on July 14 as highlighted in the website notice posted on July 17. The potentially compromised information includes details contained in Fractal ID user profiles.
This breach involved a third party gaining access to an operator’s account and using an API script to access the personal data of some of the users, occurring between 05:14 UTC and 07:29 UTC, impacting approximately 0.5% of Fractal ID’s total user base.
Fractal ID’s partners such as Gnosis Pay, Acala, Polygon ID, Lukso, and other Web3 apps may have been affected. Although Fractal did not indicate which of its partners were impacted, users of Gnosis Pay stated that they received notifications of the attack and that they should be cautious of any messages from unknown sources.
According to the official announcement, personal data including names, email addresses, wallet addresses, phone numbers, physical addresses, and images of uploaded documents may have been exposed, but the breach was contained within Fractal’s network without impact on clients’ systems or products.
As a result, the users impacted by the breach should avoid providing any other personal information to any unknown sources that may be fake. Fractal ID and its partners are still looking into the incident and have since stepped up security.
This breach occurred at a time when the cryptocurrency and blockchain industries are increasingly facing concerns over data privacy, especially given that KYC (Know Your Customer) standards involve the collection of users’ personal data.
Such incidents prove that the protection of personal data remains a problem that companies struggle to overcome.
Also Read: AT&T Pays $400,000 BTC Ransom to Hackers in 2022 Data Breach
