Kroll is under a class-action suit because FTX creditors continue to receive daily scam emails using stolen data in a 2023 hack.
Kroll is also under increased scrutiny in a developing class-action lawsuit in which FTX creditors complain of unending scam emails in their inboxes. These phishing attacks are allegedly related to stolen information that was part of the Kroll security breach in 2023, which worried more people about data misuse in the FTX bankruptcy saga.
On August 19, 2023, Kroll, the claims agent appointed by the court on behalf of FTX Trading Ltd., announced information on claimants about a data breach in which their personal information was obtained by hackers.
The hackers tapped into files containing names, addresses, emails, and account balances, putting them in further jeopardy. Kroll has acted swiftly by reporting this security breach to the law enforcement agency and getting an investigation underway.
Spam Emails: A Daily Dread for FTX Creditors
Kroll is accused by the FTX creditors of not preventing these scam emails. Victims are also bombarded with daily phishing attacks, misled by hackers using stolen data.
Emails resemble authentic FTX correspondence, and therefore, they attempt to fool users into sharing secret keys or passwords.
Kroll denies having made any request related to any sensitive information other than through approved channels in court. It emphasized that no passwords and FTX account information were stored or compromised in the attacks.
However, creditors have alleged that scams increased following the event to say that Kroll controls were not adequate.
According to a Kroll spokesperson, “We quickly limited the breach and notified claimants about protection. No additional system exposure is evidenced other than that of a single employee cloud account.”
However, there have been complaints by affected users who allege they received phishing messages, and this has led to a class-action alleging negligence.
The Legal Drama Sparkles Further, the Crisis of Scam Escalates
The class action suit purports that Kroll was negligent in letting hackers tap into the sensitive information of claimants.
Creditors complain that Kroll should have responded to them better, as this exposed them to cyber-theft and fraud. Plaintiffs request compensation for damages due to the consequent fraud.
Kroll has cautioned that claimants should not broadcast seed phrases, personal keys, or other personal data, and should not connect wallets or download anything they do not recognize.
It offered authoritative avenues of claim verification to distinguish between legitimate and fake messages
Analysts also note how these breaches can become an impetus to new waves of identity theft and fraud, particularly with crypto bankruptcies when money is tight and recovery is complex.
