Coinsquare, a Canadian crypto exchange, has responded to the reports regarding a “hack” and data breach that apparently revealed data of 50,000 users.
As the story goes, Coinsquare was approached by a reporter at Vice that claimed to have seen a sample of the stolen information. Coinsquare states that after a review of the data, they were “able to confirm that this came from the same source of data from just over a year ago.” Earlier this month, a letter was apparently distributed to impacted users outlining the theft.
In a statement to users signed by its CEO Cole Diamond, Coinsquare admits that it became aware of a possible data breach in early 2019. Back in 2019, Coinsquare was under the belief that the theft was relegated to just four accounts. Apparently, that was not the case.
“[the] data came from a 3rd party sales management database used for prospecting. The person(s) responsible for the data theft indicated their intent of publishing the data is to ’embarrass the company.'”
The name of the company is not disclosed.
According to Coinsquare, as far as they can discern, the facts are as follows:
- “286,828 users had NO information leaked.
- 3,453 Coinsquare users did have some form of “Personally Identifiable Information” (PII) leaked – because the information comes from a CRM tool, there is inconsistency in the data by each user. The information ranges from just names, emails, and phone numbers to in very few cases there is an address (9 addresses to be exact).
- 1,137 non-Coinsquare users had some information leaked – again, this confirms to us, in addition to the layout of the data and the column headings, that this is information from a CRM tool.”
The company says it is working with the Canadian Office of the Privacy Commissioner and the Royal Canadian Mounted Police to “make sure we are doing all we can to safeguard private information and to identify any deliberate efforts to harm our customers, members of the public and our company.” No word (yet) on any form of legal action being taken either via a criminal or civil suit. Importantly, there does not appear to be any acts of theft but concerns remain regarding the potential for SIM Swap scams.
One poster on Reddit explained their concern:
“… this is a highly disturbing pattern of behavior that suggests non-compliance with several ethical, regulatory and legal statutes when it comes to informing users of data breaches of their personal information.”
Some Redditers have been more forgiving of Coinsquare while others have leveled claims of a botched coverup.
This latest hack of a digital asset exchange highlights the need for more stringent regulation regarding operational protocols in the crypto sector.