Skip to main content

In the wake of the security breach at FTX’s bankruptcy claims agent, Kroll, earlier this month, sensitive information pertaining to FTX customers has been compromised, contrary to Kroll’s initial assertion that only “non-sensitive” data had been exposed.

Subsequent clarification on the nature of the leaked information has emerged in an updated FAQ document from Kroll, which has since circulated among FTX creditors via the social media platform X.

As per a shared screenshot, the compromised data encompassed the following confidential details related to FTX customers:

“Names, email addresses, mailing addresses, FTX account numbers, unique identifiers assigned as part of the bankruptcy process, FTX account balances, phone numbers, and/or other claims details.”

The FAQ document reaffirmed information previously conveyed by Kroll to customers, including the fact that FTX’s internal systems remained unaffected by the breach. It further advised customers that, aside from remaining vigilant for potential phishing scams, no additional action on their part was necessary as a response to the breach.

This document was disseminated by a cryptocurrency trader and FTX claimant who goes by the username “sunil_trades” on X:

In response to this post, multiple members of the crypto community expressed disappointment regarding the handling and safeguarding of data by Kroll, highlighting the potential risks posed to FTX customers due to the exposed data.

“From a physical security perspective, leaking the address along with the amount is a potential big deal especially if you are a high dollar creditor,” noted one user, while others claimed they have already received phishing phone calls, text messages, and emails.

‘Non-Sensitive Customer Data’

In correspondence dated August 25, immediately following the data breach, Kroll informed FTX claimants via email that the compromised information encompassed data such as names, addresses, and email addresses of FTX customers.

However, the communication omitted any mention of the exposure of details such as physical postal addresses and contact numbers.

In an earlier X post, FTX’s new management conveyed that solely “non-sensitive customer data of specific claimants” had been made vulnerable in the wake of the data breach.

AUTHOR: