Transak, a cryptocurrency on-ramp used by major blockchain platforms such as Metamask, Binance, and Trust Wallet, reported today that it experienced a security breach affecting about 1.14% of its users, which is around 92,554 people.
The breach was traced to a phishing attack that compromised the laptop of one of the employees. The attacker exploited this unauthorized access to infiltrate a third-party Know Your Customer (KYC) vendor that Transak uses for document verification services.
As a result, specific user data was accessed, including names, dates of birth, ID documents (such as passports and driver’s licenses), and user selfies, according to the report shared.
However, Transak said that “no financially sensitive or critical information was compromised.” The company also reassured users that their funds remained secure as it operates as a fully non-custodial platform, meaning users retain full control over their assets.
After discovering the breach, Transak acted quickly to secure its systems. They have hired a cybersecurity company and forensic experts to thoroughly investigate what happened and its impact.
Transak has also started contacting affected users to inform them about the situation. The company stated, “If we do not email you, then you have not been affected.”
To avoid similar issues in the future, Transak plans to improve employee training and security measures to better protect against phishing attacks.
Additionally, the company has notified relevant data protection authorities, including the UK’s Information Commissioner’s Office (ICO), and is working to comply with regulations
Currently, there is no evidence that the accessed data has been misused. However, affected users are encouraged to stay alert and watch for any suspicious activity.
Also Read: WazirX moved $75 Million worth user funds after hack: Coinswitch CEO