Multiple reports on social media warn of a data breach at financial and risk advisory company Kroll that resulted in exposing to an unauthorized third-party the personal data of some credit claimants.

Kroll is facilitating claims for insolvent companies FTX, BlockFi, and Genesis Global Holdco.

FTX and BlockFi posted on X today that a security incident at Kroll involving unauthorized third-party access on its systems exposed “limited, non-sensitive customer data of specific claimants.”

Although the nature of exposed data are not explicitly mentioned, the two companies clarify that user passwords and client funds haven’t been impacted, as neither FTX’s nor BlockFi’s systems were directly breached.

Also, both state that Kroll will notify impacted individuals directly, and the company has already contained and remediated the incident.

Phishing underway

In the aftermath of the reported breach at Kroll, several people related to the pending bankruptcy cases of the crypto firms posted samples of phishing emails they received on social media.

In most of the reported cases, the messages sent to those people impersonate FTX and claim that the recipient is eligible to begin withdrawing digital assets from their accounts, supposedly matching their last known balance on the platform.

These messages aim to phish people’s seeds that protect their cryptocurrency wallets, and to empty them.

Scope of the incident

Although Genesis has not published anything about the case, CoinDesk editor Rob Mitchell shared a notice from the firm about the data breach earlier today, where it is mentioned that Kroll’s incident resulted from a SIM swapping attack on one of their employee’s T-Mobile numbers.

The attackers bypassed MFA to take over the employer’s account and access files stored in Kroll’s cloud-based systems, including full names, physical addresses, email addresses, and debtor claim details.

It should be noted that Kroll handles restructuring cases for hundreds of entities, so if the firm suffered a data breach, the incident might impact many more organizations and people than just the three mentioned crypto-investment companies and their creditors.

BleepingComputer has contacted Kroll with a request for a comment on the incident, but we have not received a response by publication time. Also, the company has not posted any statements on its site or social media channels yet.