SIM Card as a Data Key: Kroll Data Breach and Risks for Crypto Platform Clients

On August 19, 2023, Kroll, a global leader in security consulting services, disclosed that one of its employees was targeted in a SIM-swapping attack. This incident led to a data breach affecting users of several cryptocurrency platforms that Kroll works with.

BlockFi, a crypto lender, and the now-bankrupt trading platform FTX both reported data security breaches resulting from the recent attack on a Kroll employee who was handling bankruptcy matters for both companies. According to Kroll’s official statement, the attack involved the employee’s T-Mobile phone number. “T-Mobile transferred our employee’s number to the attackers without any notification or authorization from Kroll,” the statement said. As a result, the attackers gained access to files containing personal information of clients from BlockFi, FTX, and Genesis.

Increased Risks for Crypto Clients

The SIM-swapping attack on the Kroll employee has heightened the risk for BlockFi, FTX, and Genesis clients to become victims of similar attacks or phishing attempts. Some clients have already reported receiving suspicious emails urging them to begin withdrawing digital assets from their FTX accounts.

Security Oversights and Lessons Learned

Kroll’s core business involves helping organizations manage cyber risks. While the company investigates data breaches and provides identity protection services, its staff apparently overlooked the risks associated with using T-Mobile for wireless communications.

This attack serves as a reminder of the need to minimize reliance on mobile carriers for security purposes. For example, many online services require a phone number during account registration, but users can often remove the number from their profile afterward to reduce risk.