Canadian crypto exchange Coinsquare said that an internal theft last year by a former employee resulted in personal information on some of its customers landing in the hands of a hacker or group of hackers.
Details of the incident were included in a story published earlier this week by news outlet Vice, which reported that the hacker or hackers intend to use the information – which contains email addresses, phone numbers and, in some cases, physical addresses – to perform SIM swap attacks. A SIM swap attack involves a fraudulent actor who uses personal information to effectively hijack a person’s phone number.
According to Cole Diamond, Coinsquare’s chief executive officer, the person quoted in the article is likely a former employee that stole data a year and a half ago.
Diamond said the former employee stole data from a customer relationship management (CRM) system. Coinsquare became aware of the issue a year ago and contacted the police and a privacy commissioner, Diamond said. He said the crypto exchange “leveled up” its internal controls to ensure employees could not remove data from its CRM systems.
According to Diamond, the referenced individual is trying to tarnish Coinsquare’s reputation as a secure cryptocurrency exchange over a theft that happened in the past.
“Why else would a hacker contact a reporter, who would then tip off the company?” he said.
Diamond said users whose data has been compromised have been contacted about changing their account information and enabling two-factor authentication. He declined to comment on the number of impacted users but said police are still investigating the scale of the theft.
“Anyone that is doing their job has to have access to data, so there’s only so much a business can do to protect itself from these sorts of occurrences,” he added.