Transparency and Action: Transak’s Response to a Recent Security Incident


At Transak, the security and privacy of our users are of paramount importance. We recently discovered a security incident that impacted 1.14% of our user base (92,554 users). Upon detection, we immediately initiated a comprehensive response to contain the breach, secure our systems, and protect our users’ information. Importantly, no financially sensitive or critical information was compromised. In this article we share the details of the incident and the actions we have taken to ensure the ongoing security of our platform and our users.

What happened

We recently identified that an attacker gained unauthorized access to the laptop of one of our employees through a sophisticated phishing attack. Using the compromised credentials, the attacker was able to log in to the system of a third-party KYC vendor that we use for document scanning and verification services. As a result, the attacker gained access to specific user information stored within the vendor’s dashboard.

What data was accessed

The attacker was able to log in to the dashboard of this KYC vendor and gain access to the following for affected users:

  • Names
  • Dates of Birth
  • ID documents (e.g., passports, driver's licenses)
  • Selfie photos and videos

After our thorough checks, we can confidently confirm that no financially sensitive information, including email addresses, phone numbers, passwords, credit card details, Social Security Numbers, or any other financial data, was compromised in any way. Our financial systems’ security measures remain robust, and we continue to protect all critical data, ensuring the highest level of privacy and security for our users.

Transak operates as a fully non-custodial platform, meaning that user funds—whether fiat or cryptocurrency—are never held by us and therefore remain completely secure and unaffected by any such attack. Users retain full control over their assets at all times, ensuring that no funds are ever at risk.

We deeply empathise with how frustrating and disappointing this must be for the affected users. Our top company priority is taking action to protect users and fix any vulnerabilities to ensure nothing like this ever happens again.

How we are responding

Since learning of the breach, we have taken immediate and comprehensive action to secure our system:

  1. We have engaged one of the industry’s leading cybersecurity firms, along with top forensic experts, to conduct an in-depth investigation. Their expertise has allowed us to quickly assess the situation, identify the breach points, and immediately halt any further unauthorized access.

  2. We continue to invest heavily in data security, system security, compliance, and reliability.

  3. We are reaching out to the affected users. Please note that this attack affected 1.14% of the total users of Transak, and if we do not email you, then you have not been affected.

  4. We are also reaching out to any affected partners to be transparent about how they were affected.

  5. We are improving training, software, and systems to prevent phishing and social engineering attacks on our team members and to limit any access or damage if an attack occurs.

  6. We have informed relevant data protection authorities, including the Information Commissioner’s Office (ICO) in the UK and other regulators across the EU and US, with reviews for other countries in progress.

What this means for our users

Currently, there is no indication that the data has been misused. However, we advise affected users to remain vigilant and monitor for suspicious activity. We will be reaching out to affected users with advice and resources on protecting themselves from potential misuse of the information and offering resources such as identity monitoring services.

We are here to help

Transak is on a mission to help make blockchain and web3 applications accessible to mainstream users. Our approach is grounded in compliance, security, transparency, and trust. We apologize for this incident, and we ask for your continued trust and support as we continue to build high-trust, high-reliability fiat on/off-ramp services for global applications.

If you have any questions or concerns regarding this incident, please do not hesitate to reach out. You can contact us directly at [email protected], and our team will be available to assist you with any inquiries.

Sincerely,
Transak Security Team

About the Author:

Transak Team