Celsius Belatedly Informed Client Email Addresses Were Compromised Via Vendor Data Breach
As if filing for bankruptcy wasn’t enough to put a stop gap on debacles, Celsius Network informed its clients recently that some email addresses were involved in a data breach connected to one of its vendors.
“We are writing to let you know that we were recently informed by our
vendor Customer.io that one of their employees accessed a list of
Celsius client email addresses held on their platform and transferred
those to a third-party,” the company said in a letter.
Interestingly, the firm reported that they were “recently” informed by Customer.io about the unsanctioned access to the email address list, but also proceeded to note that this happened weeks ago on July 8.
“We know this [breach] was a result of the deliberate actions of a senior engineer who had an appropriate level of access to perform their duties, and provided these email addresses to the bad actor. This action was limited to this single employee,” wrote Customer.io on its website blog dated July 7.
Customer.io, who provides messaging platform services to Celsius, also said that the employee has been terminated and reported to law enforcement.
While the firm reiterates that the incident “[presents] any high risks” to the clients whose email addresses have been compromised, Celsius is considering this a violation of vendor-client relations and has taken actions with appropriate authorities.
“We do not consider the incident to present any high risks to our clients
whose email addresses may have been affected but are releasing this
communication to make sure you are aware,” Celsius added.
The company also informed its clients that Customer.io confirmed that no other Celsius-related data was compromised. However, evidence of this incident “has not yet been provided” by the vendor to the firm.
The firm is also about to face a legal battle as its former investment manager, KeyFi founder Jason Stone, is taking Celsius to court under fraud allegations.
The company’s bankrupcty filing became the result weeks after Celsius paused all withdrawals, transfers, and swaps–which led to a liquidity crisis.
Information for this briefing was found via Twitter and the companies mentioned. The author has no securities or affiliations related to this organization. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.
