Quoine Has Been Fined $67,500 For Breaching Customer Data

In what appears to be the first breach of the Personal Data Protection Act (PDPA) involving a cryptocurrency firm, Japan-based cryptocurrency exchange Quoine was fined $67,000 for breaching customer data of over 650,000 customers.

Quoine, which runs the cryptocurrency exchange Liquid, gathered and stored information for know-your-client (KYC) checks.

Quoine has been fined $67,500 for breaching customer data

According to a report from the Straits Times, the stolen data included full names, addresses, e-mail addresses, and phone numbers, including documents such as photos and scans of NRICs and passports. Transaction information and bank account details were also leaked.

The customer data breach occurred in November 2020, when a Quoine-hired employee at a third-party domain provider fell victim to a social engineering attack and incorrectly transferred control of the domain hosting account to the perpetrator.

Despite the fact that the initial breach occurred at the company’s third-party domain provider, the Personal Data Protection Commission Singapore (PDPC) determined that Quoine was responsible for the DevOps account’s poor security.

“The organization suggested that the DevOps account’s security risk profile had not been assessed, probably due to its intended use as an automation account. This was not accepted,” the commission said.

“The organization is not exempted from assessing the security implications and risks of the DevOps account simply on the basis that it was an automation account, especially considering that the DevOps account could be used to access the customer data stored in the databases,” it added.

PDPC stated that in determining the penalty, it considered mitigating factors such as Quoine’s prompt remedial actions, including notifying the affected individuals. Quoine appears to have cooperated with investigators and voluntarily accepted responsibility for the incident.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Annie

CoinCu News

Quoine Has Been Fined $67,500 For Breaching Customer Data

In what appears to be the first breach of the Personal Data Protection Act (PDPA) involving a cryptocurrency firm, Japan-based cryptocurrency exchange Quoine was fined $67,000 for breaching customer data of over 650,000 customers.

Quoine, which runs the cryptocurrency exchange Liquid, gathered and stored information for know-your-client (KYC) checks.

Quoine has been fined $67,500 for breaching customer data

According to a report from the Straits Times, the stolen data included full names, addresses, e-mail addresses, and phone numbers, including documents such as photos and scans of NRICs and passports. Transaction information and bank account details were also leaked.

The customer data breach occurred in November 2020, when a Quoine-hired employee at a third-party domain provider fell victim to a social engineering attack and incorrectly transferred control of the domain hosting account to the perpetrator.

Despite the fact that the initial breach occurred at the company’s third-party domain provider, the Personal Data Protection Commission Singapore (PDPC) determined that Quoine was responsible for the DevOps account’s poor security.

“The organization suggested that the DevOps account’s security risk profile had not been assessed, probably due to its intended use as an automation account. This was not accepted,” the commission said.

“The organization is not exempted from assessing the security implications and risks of the DevOps account simply on the basis that it was an automation account, especially considering that the DevOps account could be used to access the customer data stored in the databases,” it added.

PDPC stated that in determining the penalty, it considered mitigating factors such as Quoine’s prompt remedial actions, including notifying the affected individuals. Quoine appears to have cooperated with investigators and voluntarily accepted responsibility for the incident.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Annie

CoinCu News