Kroll's Security Breach: Employee Targeted in SIM Swapping Incident
Kroll, a provider of financial advisory solutions, recently revealed an incident where one of its employees was targeted in an intricate SIM-swapping attack. On August 19, 2023, the episode focused on the employee's T-Mobile account. Unauthorized by Kroll or the employee, T-Mobile transferred the employee's phone number to the attacker's device as per their request. This breach enabled the assailant to access specific files containing personal information about bankruptcy claimants associated with BlockFi, FTX, and Genesis.
SIM swapping, typically a harmless process, was exploited to illegitimately activate a SIM card under their control with the victim's phone number. This allowed the interception of SMS messages, calls, and MFA-related notifications controlling online account access. The attacker often gathers personal details through methods like phishing or social media to convince the cellular carrier to transfer the victim's number to their SIM card.
Kroll has taken immediate measures to secure the affected accounts and has notified impacted individuals via email. Their ongoing investigation has not uncovered evidence of further compromised systems or accounts. This disclosure follows a recent lawsuit by Bart Stephens, co-founder of Blockchain Capital, against an anonymous hacker who allegedly executed a $6.3 million SIM swap attack.
The U.S. Department of Homeland Security's Cyber Safety Review Board (CSRB) has recently urged telecom providers to implement robust security protocols against SIM swapping, including customer account locking options and stringent identity verification.
The surge in SIM swapping attacks highlights the need for users to transition from SMS-based 2FA to more secure methods to protect online accounts from phishing attempts.
Source: https://thehackernews.com/2023/08/kroll-suffers-data-breach-employee.html