Leading in global security consulting, Kroll revealed that one of its staff members fell victim to a SIM-swapping attack, leading to the exposure of user data from several cryptocurrency platforms associated with the company.
Breached Borders: Attack Exposes BlockFi, FTX, and Genesis Customers
Kroll officially stated that the attack on August 19, 2023, targeted an employee whose T-Mobile number was commandeered by attackers without authorization. As a result, the attackers obtained files containing personal information of customers from BlockFi, FTX, and Genesis.
The SIM-swapping incident involving the Kroll employee has escalated the vulnerability of BlockFi, FTX, and Genesis customers to potential phishing attempts or similar attacks. Some users have already reported receiving suspicious emails offering assistance in withdrawing digital assets from their FTX accounts.
Despite Kroll’s primary role in cyber risk management, its employees seemed unaware of the associated risks of relying on T-Mobile for wireless communication. This incident underscores the necessity of minimizing dependence on mobile carriers for security measures.
The attack on Kroll serves as a stark reminder of the imperative to decrease reliance on mobile carriers to ensure security. Although many online services mandate a phone number during registration, the ability to remove that number from your profile is a crucial step in safeguarding personal information.