BlockFi experiences a data breach but says no customer funds lost

BlockFi, a crypto lending platform, alerted its customers of a recent data breach, according to The Block report. The company’s CEO, Zac Prince, said that the breach had impacted less than half of the firm's retail clientele and none of the firm's institutional clients. 

BlockFi reassured that the attack did not affect customer funds. However, it did expose account activity data, customer email addresses and postal addresses. The firm clarified that social security numbers and images of client licenses and government-issued IDs were not disclosed. 

An excerpt from a memo shared with The Block reads:

On May 14th, there was a data incident at BlockFi that exposed certain client account information for a brief period of time. While no information was accessed that would enable the intruder to access your account or your funds, we believe it is in the interest of transparency to share the following details with you, and all of our other clients who were potentially affected. Your funds, passwords, and non-public identification information are secure and no BlockFi client or company funds were impacted or at risk. No action is required by you.

A BlockFi incident report revealed that the data breach occurred because of a SIM card swap attack on an employee's phone number. The hacker also tried to withdraw client funds on BlockFi but "was unsuccessful in doing so.” 

The memo further noted: 

We are constantly reviewing and improving our systems and security processes and will be accelerating efforts in a number of areas as a result of this activity. In addition to ongoing development of our systems, we are actively researching options for us to contribute to the cybersecurity efforts of the cryptocurrency industry more broadly.