TechFlow reports that on October 21, crypto payment provider Transak announced a recent security incident resulting in the exposure of basic identity information for 1.14% of its users. Transak stated that attackers gained access to an employee's laptop through a sophisticated phishing attack, which allowed them to log into a third-party KYC provider's system and access specific user data stored within that provider's dashboard.
The exposed information includes users' names and basic identity details. Transak emphasized that no financially sensitive data was compromised, including email addresses, phone numbers, passwords, credit card details, or social security numbers. As a non-custodial platform, user funds—both fiat and cryptocurrency—remain under users' full control and were unaffected by this incident.
Transak has taken multiple response measures, including hiring top-tier cybersecurity firms and forensic experts to conduct an investigation, increasing investment in data security, notifying affected users and partners, enhancing employee training and system safeguards, and reporting the incident to relevant data protection authorities. The company stated there are currently no signs indicating that the exposed data has been misused. Transak will provide affected users with resources such as identity monitoring services and urges all users to remain vigilant and monitor for suspicious activity.




