Miami-based fiat-to-crypto payment gateway Transak has disclosed a data breach that impacted 1.14% of its user base. The breach, which occurred due to a phishing attack on an employee’s laptop, allowed an attacker to access sensitive personal data of over 57,000 users.
Transak Has 5 Million Customers, About 57 Thousand People Affected by the Attack
The Stormous ransomware gang has claimed responsibility for the hack, stating that they stole 300 gigabytes of data from Transak, including personal identification information, financial statements, and selfies used for KYC verification. While Transak assures that no assets or financially sensitive data were compromised, the breach raises concerns about the security of centralized platforms used for cryptocurrency transactions.
Fractal ID, another decentralized identity system, was also targeted by Stormous in July. The gang claimed to have stolen 12 gigabytes of data from Fractal ID, including personal photos, bank statements, and cryptocurrency addresses. However, Fractal ID has denied any recent breach, stating that the stolen data is likely recycled material from the July incident.
Both Transak and Fractal ID have hired external parties to investigate the data breaches and are advising affected users to remain vigilant and monitor for suspicious activity.
