Coinsquare CEO confirms client data was stolen by a former employee after report of SIM swap threat

Security • June 4, 2020, 4:42PM EDT
Shutterstock

Canadian crypto exchange Coinsquare said that an internal theft last year by a former employee resulted in personal information on some of its customers landing in the hands of a hacker or group of hackers.

Details of the incident were included in a story published earlier this week by news outlet Vice, which reported that the hacker or hackers intend to use the information – which contains email addresses, phone numbers and, in some cases, physical addresses – to perform SIM swap attacks. A SIM swap attack involves a fraudulent actor who uses personal information to effectively hijack a person’s phone number.

According to Cole Diamond, Coinsquare’s chief executive officer, the person quoted in the article is likely a former employee that stole data a year and a half ago.

Diamond said the former employee stole data from a customer relationship management (CRM) system. Coinsquare became aware of the issue a year ago and contacted the police and a privacy commissioner, Diamond said. He said the crypto exchange “leveled up” its internal controls to ensure employees could not remove data from its CRM systems.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

According to Diamond, the referenced individual is trying to tarnish Coinsquare’s reputation as a secure cryptocurrency exchange over a theft that happened in the past.

“Why else would a hacker contact a reporter, who would then tip off the company?” he said.

Diamond said users whose data has been compromised have been contacted about changing their account information and enabling two-factor authentication. He declined to comment on the number of impacted users but said police are still investigating the scale of the theft.

“Anyone that is doing their job has to have access to data, so there’s only so much a business can do to protect itself from these sorts of occurrences,” he added.

About Author

Saniya More (pronounced: Saan-ya Mo-ray) is a quadrilingual journalist at The Block. She got her master’s degree from the Columbia University Graduate School of Journalism and did her undergraduate degree at the S.I. Newhouse School of Public Communications, Syracuse University. Her work has appeared in CBS News, Bangkok Post, Thai Enquirer, Globalists, Byline Times and other publications. When she’s not chasing a story, you will most likely find her biking, tweeting, taking photos or creating Spotify playlists for every occasion.

More by Saniya More