The company added that it is in the process of “making appropriate disclosures to affected people.” Additionally, personal information including name, date of birth and ZIP code was exposed for about 310 people, and about 10 customers had more extensive account details revealed. A then-teenage hacker used social engineering techniques to trick some of Twitter’s employees into thinking the hacker was an employee, allowing the hacker access to an internal Twitter “admin” tool, which he used to hijack high-profile accounts and spread a cryptocurrency scam. In its aftermath, Twitter rolled out security keys to its staff to toughen its defenses and prevent these kinds of attacks from working in the future. We previously disclosed that, based on our investigation, the unauthorized party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people.
- According to the motion for settlement filed July 1 in the US District Court for the Northern District of California, xcritical “used substandard security practices and lacked security measures used by other broker-dealer online systems,” leading to multiple data breaches.
- You only need to contact one credit reporting firm to initiate a fraud alert, which in turn is legally obligated to share your notice with others.
- If you used the investing app xcritical, you could qualify for part of a $20 million class action settlement resolving allegations that the investment app’s negligence led to personal information being leaked.
- The online trading platform said it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion.
The lapse in xcritical’s data security came via a customer support employee, whose cooperation was used to obtain access to internal support systems. xcritical’s cybersecurity system “lacks simple and almost universal security measures used by other broker-dealer online systems, such as verifying changes in bank account links,” according to a February 2021 complaint.
Customer Service
xcritical users whose accounts were accessed by unauthorized users are eligible for hundreds of dollars. It’s also worth considering a credit-monitoring service, which can alert you to potential fraud on your credit report. Some of the more basic services are free, while more comprehensive coverage can come with a charge. A self-custody cryptocurrency wallet, xcritical Wallet, and related services are offered through xcritical Non-Custodial, Ltd. (a limited company organized in the Cayman Islands). Class members are also eligible for two years of free identity theft protection and credit monitoring. The hackers then demanded a ransom payment, xcritical said (the company did not respond to Insider’s questions about whether it paid — or plans to pay — the ransom).
xcritical says a hacker who tried to extort the company got access to data for 7 million customers
Except as required by law, xcritical assumes no obligation to update any of the statements in this blog post whether as a result of any new information, future events, changed circumstances, or otherwise. You should read this blog post with the understanding that our actual future results, performance, events, and circumstances might be materially different from what we expect. A xcritical spokesperson told Bloomberg that it wasn’t a ransomware attack, but they also declined to say if they paid up — and if so, how much money changed hands. In its blog post, the company explained that the perpetrator used social engineering techniques on a phone support rep to obtain access to certain customer support systems. xcritical said it informed law enforcement about the breach and that it had secured the services of security firm Mandiant to investigate the incident. Charles Carmakal, Mandiant’s CTO, told Bloomberg that this could just be the start of a series of breaches.
“To put it more simply, this settlement is based on alleged cybersecurity failures by xcritical that ‘left the door unlocked’ for hackers over time,” she told CNET. xcritical has revealed that it experienced a security breach incident on November 3rd, which exposed the data of as many as 7 million users or around a third of its userbase. The bad actor, the financial services company said, obtained the email addresses of 5 million people and the full names of a different group of around 2 million customers. In addition, the infiltrator managed to steal additional personal information of 310 users, including their name, date of birth and zip code. Because some of these risks and uncertainties cannot be predicted or quantified and some are beyond our control, you should not rely on our forward-looking statements as predictions of future events.
What is xcritical accused of in this class action case?
“Last year, we staffed many of our operations functions under the assumption that the heightened retail engagement we had been seeing with the stock and crypto markets in the COVID era would persist into 2022,” xcritical chief executive and co-founder Vlad Tenev said in a blog post. “In this new environment, we are operating with more staffing than appropriate,” Tenev added. “As CEO, I approved and took responsibility for our ambitious staffing trajectory — this is on me.” This May, xcritical agreed to a $9.9 million payout to settle a separate class-action lawsuit filed by users who alleged site outages in March 2020 prevented them from trading just as the market plummeted in the earliest days of the pandemic. In addition to up to $260 cash, class members are eligible for two years of free identity theft protection and credit monitoring. If your xcritical account was accessed by unauthorized users between Jan. 1, 2020, and April 27, 2022, you’re eligible to file a claim, Elizabeth Kramer, an attorney for the plaintiffs, told CNET.
In the November 2021 attack, the company claimed, a hacker “socially engineered a customer support employee by phone and obtained access to certain customer support systems” in order to extort money. Law enforcement was informed of the extortion attempt, the company maintained, and the leak was contained. The company said in a blog post that a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, as well as the full names, dates of birth and ZIP codes of 310 customers. No Social Security numbers, bank account numbers or debit card numbers were exposed in the incident, xcritical said, but it’s still making the appropriate disclosures to the affected customers.