Kroll, a prominent risk and financial advisory company, has provided additional insights into the data breach that occurred in August, exposing the personal information of FTX bankruptcy claimants. The breach, previously reported, compromised sensitive details, including coin holdings and balances, potentially enabling malicious actors to identify and target individuals heavily invested in cryptocurrency markets.
In letters dispatched earlier this month, as highlighted by Emsisoft threat analyst Brett Callow, Kroll emphasized the significance of the exposed information, encompassing personal data such as names, email addresses, phone numbers, addresses, claim numbers, claim amounts, FTX account IDs, coin holdings, balances, and, in a limited number of cases, dates of birth.
Crucially, Kroll said the incident had no impact on FTX systems or digital assets, and emphasized that the company does not store passwords for FTX accounts. Kroll advised affected individuals to exercise vigilance and take preventive measures, anticipating potential phishing attempts through emails, text messages, and social media messages seeking unauthorized access to cryptocurrency accounts and digital assets.
Kroll's recommendations for those at risk include:
Refrain from sharing passwords, seed phrases, private keys, or other confidential information with untrusted entities, applications, websites, or devices.
Exercise caution and verify the legitimacy of any communication related to claims or FTX accounts, rather than presuming it is genuine solely because of the information it contains.
In an effort to fortify protection against targeted phishing attacks, Kroll suggested investors store their cryptocurrency in cold wallets, enhancing security against potential theft by threat actors.
Kroll Confirms Impact on BlockFi and Genesis Creditors
Kroll acknowledged on August 25 that one of its employees fell victim to a SIM-swapping attack, wherein hackers targeted their T-Mobile account to steal their phone number. This breach allowed unauthorized access to certain files containing personal information of bankruptcy claimants.
Subsequent to Kroll's breach disclosure, phishing emails surfaced, posing as FTX and falsely claiming eligibility for withdrawing digital assets from affected accounts. Notably, these phishing messages aligned with recipients' last known balances on cryptocurrency platforms, with the intent of coaxing targets into divulging the seeds protecting their cryptocurrency wallets.
Although Kroll manages restructuring cases for numerous organizations, a spokesperson clarified that the breach's impact was confined to the crypto-investment companies FTX, BlockFi, and Genesis Global Holdco and their creditors. The spokesperson emphasized that there is no evidence suggesting lateral movement or unauthorized access to other Kroll user accounts or systems.
However, Kroll has not yet disclosed what sensitive information pertaining to BlockFi and Genesis creditors was exposed during the breach.