FTX, BlockFi, Genesis creditors sue Kroll over data breach leading to phishing attacks
0
0
Disgruntled creditors of FTX, BlockFi, and Genesis are suing global risk advisory firm Kroll over alleged negligence tied to a data breach that exposed their personal information and subjected them to phishing attacks.
According to the August 19 lawsuit filed in a US district court on behalf of FTX customer Jacob Repko and other affected parties, Kroll failed to protect the sensitive data it collected during the claims administration process.
The plaintiffs argue that this not only enabled cybercriminals to target victims with phishing scams but also eroded trust in the broader bankruptcy proceedings.
The complaint centres around Kroll’s alleged overreliance on a single mode of communication—email—when it comes to communicating with thousands of crypto creditors.
The lawsuit claims that this email-only outreach strategy created a single point of failure, which attackers exploited to impersonate parties involved in the FTX, BlockFi, and Genesis bankruptcy cases.
As a result, users were deceived into clicking phishing links, which compromised private information, and in some cases, even led to some users completely losing access to their existing cryptocurrencies.
Plaintiffs allege that Kroll’s verification process for creditor claims was inadequately secured, which also led to delays and confusion during the already complex bankruptcy reimbursement phases.
They argued that these missteps compromised the integrity of the process and made matters worse for creditors who were still reeling from the collapse of the major crypto firms in question.
The 2023 Kroll data breach
Kroll was the victim of a data breach in August 2023, but at the time, the firm said the breach involved only “non-sensitive” information.
However, for the creditors named in the suit, that characterisation underestimated the damage.
Per the lawsuit, attackers were able to access names, email addresses, and other identifying details, which gave them enough information to create convincing phishing emails that looked like legitimate communications from bankruptcy administrators or affiliated firms.
While FTX and BlockFi have also previously claimed that no passwords or internal systems were compromised, several creditors have reported otherwise.
In recent weeks, affected users, including prominent FTX creditor Sunil Kavuri, have reported a surge in targeted scam emails.
Other community members have also shared similar experiences on social media. See below.
I received it as well, and they didn’t use the email I filed the objections with; instead, they used the email linked to my FTX.com account
For now, Kroll has not yet responded publicly to the latest legal action, though in the past it has said the breach was contained and that affected parties had been notified.
Hall Attorneys, which filed the lawsuit, believes eligible participants may be entitled to monetary compensation if the court rules in their favour.
They also expect the lawsuit to compel Kroll to overhaul its communication and data-handling practices to prevent further exposure.
The post FTX, BlockFi, Genesis creditors sue Kroll over data breach leading to phishing attacks appeared first on Invezz
0
0
Manage all your crypto, NFT and DeFi from one placeSecurely connect the portfolio you’re using to start.
0
0
0
0
0
0