Over 1,000 customer data missing in CryptoTrader.Tax breach

8:05:00 AM Harry DeVries 0 Comments



Digital currency tax reporting service CryptoTrader.Tax suffered a breach, resulting in 13,000 rows of data and 1,082 unique customer email addresses stolen.

The breach reportedly took place on April 7, but the platform did not make an official announcement at the time. Instead, it contacted the individuals affected directly. The incident only came to light after CryptoTrader.Tax co-founder and CEO David Kemmerer confirmed that the data breach happened.

How it happened
An individual familiar with the matter was quoted by CoinDesk saying the hacker was able to gain access to a CryptoTrader.Tax employee's account. The employee worked in marketing and customer service, which allowed the hacker to access customer names, emails, payment processor profiles, and messages to customer service on the platform. Once the hacker accessed this information, they allegedly took screenshots of the data, and subsequently posted them on a dark net forum to show others that they had personal identification data for sale.

Why are we just finding out?
Although CryptoTrader.Tax did act relatively responsible after learning of the breach, it comes as a surprise that the April 7th hack is officially being made public for the very first time four months later in August.

Kemmerer told the new outlet that shortly after CryptoTrader became aware of the breach, they alerted the customers that were affected and took steps to improve security measures and monitoring systems across internal and third-party applications. Yet, it remains unclear why there was no official announcement, such as a blog that announced the data breach or even a post on a social media network alerting their users.

Although their team did take appropriate steps to warn customers and upgrade their system security after the breach took place, they did so in a rather intransparent way, which should make any individual that does business with CryptoTrader.Tax a bit weary of how the platform decided to operate.