Tue | Aug 29, 2023 | 4:30 AM PDT

Kroll, a leading provider of risk management and financial consulting services, is dealing with the consequences of a recent and alarming security breach.

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis. 

The breach originated from a SIM swapping attack, a method in which malicious actors fraudulently take control of a victim's phone number. In this case, the threat actor convinced T-Mobile to transfer the Kroll employee's phone number to their own SIM card without any authorization from Kroll or its employee. This unauthorized transfer granted the attacker control over the employee's communications and access to certain files containing sensitive data.

The compromised files contained personal information of bankruptcy claimants linked to BlockFi, FTX, and Genesis. While the exact nature of the exposed data is not specified, it is noteworthy that user passwords and client funds remained secure, as neither FTX nor BlockFi's systems were directly breached. 

Following the breach, reports emerged of phishing attempts targeting individuals associated with the affected crypto companies. These phishing emails impersonated FTX and enticed recipients with promises of withdrawing digital assets matching their last known balance on the platform. The objective was to collect users' seed phrases, the keys to their cryptocurrency wallets, and to potentially empty these wallets. 

An example of these phishing emails was shared by X user ZachXBT.

Kroll said it has initiated an investigation into the incident and is cooperating with relevant authorities, including the FBI. As of now, there is no evidence to suggest that the threat actor gained access to any other Kroll user accounts or systems beyond those related to BlockFi, FTX, and Genesis. A spokesperson for Kroll has clarified that the impact is limited to these three crypto-investment companies and their creditors.

The Kroll breach serves as a reminder of the ever-evolving tactics employed by cybercriminals. In response, it's imperative for individuals and organizations to adopt robust security practices. This includes implementing multi-factor authentication (MFA) mechanisms that are resistant to phishing attempts, as well as maintaining a heightened awareness of social engineering attacks.

As financial institutions and individuals navigate the digital age, vigilance and security must remain paramount to safeguard sensitive data and protect against the relentless efforts of cybercriminals.

Follow SecureWorld News for more stories related to cybersecurity.