Data Breach at Kroll Exposes Personal Data of Credit Claimants
Multiple reports on social media have raised concerns about a data breach at Kroll, a financial and risk advisory company. The breach has resulted in the unauthorized exposure of personal data belonging to some credit claimants.
Kroll is currently assisting with claims for insolvent companies FTX, BlockFi, and Genesis Global Holdco.
FTX and BlockFi have posted on social media that a security incident at Kroll has led to unauthorized access by a third party to their systems. However, they emphasize that only limited, non-sensitive customer data of specific claimants was exposed. Both companies assure that user passwords and client funds remain unaffected as their own systems were not directly breached.
Kroll has taken immediate action to contain and resolve the incident. They will also be directly notifying the individuals impacted by the breach.
In response to the reported breach at Kroll, several individuals involved in the pending bankruptcy cases of the crypto firms have shared samples of phishing emails they received on social media.
These phishing emails, impersonating FTX, claim that the recipient is eligible to withdraw digital assets from their accounts, supposedly matching their last known balance on the platform. The intention behind these messages is to deceive recipients into revealing the seeds that protect their cryptocurrency wallets, enabling the attackers to empty them.
Scope of the Incident
While Genesis has not made any public statements about the incident, CoinDesk editor Rob Mitchell shared a notice from the firm confirming the data breach. According to the notice, the breach occurred due to a SIM swapping attack on one of Kroll’s employees, targeting their T-Mobile number.
The attackers were able to bypass multi-factor authentication and gain access to Kroll’s cloud-based systems. As a result, they obtained full names, physical addresses, email addresses, and debtor claim details.
It is important to note that Kroll handles restructuring cases for hundreds of entities. Therefore, the data breach may potentially impact numerous organizations and individuals beyond the three mentioned crypto-investment companies and their creditors.
We have reached out to Kroll for comment on the incident, but have not received a response at the time of publication. Kroll has also not made any statements on their website or social media channels regarding the breach.