<p>Canadian crypto exchange Coinsquare said that an internal theft last year by a former employee resulted in personal information on some of its customers landing in the hands of a hacker or group of hackers.</p> <p>Details of the incident were included in a story published earlier this week by news outlet <a href="https://www.vice.com/en_us/article/n7wnvb/hackers-coinsquare-data-bitcoin-sim-swapping" target="_blank" rel="noopener noreferrer">Vice</a>, which reported that the hacker or hackers intend to use the information – which contains email addresses, phone numbers and, in some cases, physical addresses – to perform SIM swap attacks. A SIM swap attack involves a fraudulent actor who uses personal information to effectively hijack a person’s phone number.</p> <p>According to Cole Diamond, Coinsquare’s chief executive officer, the person quoted in the article is likely a former employee that stole data a year and a half ago.</p> <p>Diamond said the former employee stole data from a customer relationship management (CRM) system. Coinsquare became aware of the issue a year ago and contacted the police and a privacy commissioner, Diamond said. He said the crypto exchange “leveled up” its internal controls to ensure employees could not remove data from its CRM systems.</p> <p>According to Diamond, the referenced individual is trying to tarnish Coinsquare’s reputation as a secure cryptocurrency exchange over a theft that happened in the past.</p> <p>“Why else would a hacker contact a reporter, who would then tip off the company?” he said.</p> <p>Diamond said users whose data has been compromised have been contacted about changing their account information and enabling two-factor authentication. He declined to comment on the number of impacted users but said police are still investigating the scale of the theft.</p> <p>“Anyone that is doing their job has to have access to data, so there’s only so much a business can do to protect itself from these sorts of occurrences,” he added.</p>