Over the past few years more than 600,000 people have had their personally identifying information leaked. This information was provided to companies for KYC/AML purposes, but was retained and mishandled leading to the KYC documents being exposed.
KYC documents may include the user's full names, home addresses, phone number, passport, photo, driving license, DOB, wallet addresses, balances, transactions, and IP address.
These leaks put the users in danger and could face the threat of violence and robbery following these “doxing” events. Some victims have reported being threatened via phone and email.
Entity | Date | Users Affected | Data Leaked | Source |
---|---|---|---|---|
Tokensoft | 12-Nov-2022 | 5k | full name, wallet address, home address | Link |
Celsius | 07-Oct-2022 | 600k | full name, wallet addresses, balances, transactions | Link |
Digitex | 29-Feb-2022 | 8k | passport, driving license, home address, phone number, IP address | Link |
Binance | 07-Aug-2019 | 10k | full name, photo, driving license, passport | Link |
DADI ICO | 12-Mar-2018 | unknown | full name, home address, DOB, photo | Link |
Bittrex | Dec-2017 | unknown | full name, photo, passport | Link |
- HubSpot - No KYC data leaked. This was a CRM data leak.
- Affected Circle, BlockFi, Pantera Capital, NYDIG and others
- https://bitcoinmagazine.com/business/how-hubspot-data-breach-hits-bitcoiners
- MtGox - No KYC data leaked.
- Ledger - No KYC data leaked. This was a point of sales data leak.