In re: FTX Trading Ltd., et al., Case No. 22-11068
United States Bankruptcy Court for the District of Delaware
On August 25, 2023, Kroll Restructuring Administration (“Kroll”), the claims and noticing agent in the bankruptcy, announced a security incident involving the personal information of bankruptcy claimants in three matters involving cryptocurrency companies, including FTX. Kroll promptly contained and remediated the incident, reported it to law enforcement and is investigating this matter. Kroll has advised the court and the FTX debtors of the incident.
Kroll has provided email notice to the FTX claimants whose personal information was or may have been impacted by the incident. Copies of those email notices are available here and here. These notices provide important information that can help protect you against potential misuse of this information, and we encourage you to read them carefully.
This website provides additional information about the incident and steps you may take to protect yourself from identity theft and fraud.
1. What happened?
As detailed in its notice to impacted claimants, in August 2023, Kroll experienced a cybersecurity incident in which an unauthorized third party gained access to Kroll’s cloud-based systems. As a result, the unauthorized party accessed (or in some cases, may have accessed) the personal information of certain claimants in the FTX and two unrelated bankruptcies.
2. Why was my information in Kroll’s systems?
Your information was present because Kroll is the claims and noticing agent for the FTX bankruptcy proceeding. In that role, Kroll tracks all claims issued towards FTX and the affiliated companies that are subject to the bankruptcy proceeding, and also ensures that interested parties are kept informed of developments in the case as it progresses.
3. What types of information were impacted?
For affected claimants, the types of information impacted included name, email address, mailing address, FTX account number, unique identifier assigned as part of the bankruptcy process, FTX account balance, phone number, and/or other claim details. For a limited number of affected claimants, date of birth may have also been impacted.
Kroll did not maintain the password to claimants’ FTX accounts or the claims portal, so passwords were not affected. The incident did not affect any FTX systems or FTX digital assets.
4. How can I protect myself?
While no action is necessary as to your FTX account as a result of this incident, we recommend that individuals remain on high alert for attempted fraud and scam emails impersonating parties in the bankruptcy, such as phishing emails seeking information about your personal accounts, including but not limited to cryptocurrency accounts, wallets, or other digital assets, wherever they may be held. You should never link your wallet, share passwords, seed phrases, private keys, or other non-public information, or download any software or use a particular wallet application from untrusted individuals, applications, websites, or devices. In addition, you should always verify information that you receive from any other website about the FTX bankruptcy or your claim by visiting Kroll’s website at https://restructuring.ra.kroll.com/FTX/ or contacting Kroll Restructuring Administration at [email protected].
As set forth in the notices to affected claimants, copies of which are available here and here, the Court presiding over the FTX bankruptcy case (the United States Bankruptcy Court for the District of Delaware), Kroll, and FTX will never ask or require you to do any of the following in connection with the processing of bankruptcy claims or the distribution of FTX assets:
Please know that any distribution of FTX assets will only be at the time and in the manner established by the Court. Information about the Court’s orders can be found at the website of the Claims Agent, Kroll Restructuring Administration LLC: https://restructuring.ra.kroll.com/FTX/.
5. Is it safe for me to access the FTX Customer Claims Portal and the Kroll Portal?
Yes. There is no evidence that the customer proof of claim portals at https://claims.ftx.com/ and https://restructuring.ra.kroll.com/FTX/EPOC-Index were affected by the incident. Please note that while FTX took the precautionary measure of freezing affected user accounts within the customer claims portal, it has since unfrozen all accounts and implemented additional security measures to its Customer Claims Portal. As noted above, FTX account passwords were not maintained by Kroll and FTX’s systems were not affected by the incident.
6. Can you tell me if my information was part of the breach?
Kroll has notified affected claimants directly by email from [email protected]. If you received a notification from Kroll, please refer to it for further information.
7. Why did Kroll send two letters regarding this security incident?
When Kroll became aware of the cybersecurity incident, it launched an investigation into the matter. Kroll quickly determined that, during the incident, an unauthorized party accessed files that contained the personal information—including name, address, email address, and/or FTX account balance—of certain FTX claimants. Kroll notified those affected claimants on August 25, 2023.
Based on further investigation, Kroll subsequently determined that the unauthorized party may have accessed the same limited types of personal information for certain additional claimants, as well as the date of birth belonging to a limited number of claimants. Kroll notified those additional claimants on November 2, 2023.
8. Was the KYC data I provided to FTX in the claims portal leaked?
No, none of the information submitted as part of FTX’s KYC process is stored on Kroll’s systems. FTX’s systems were not affected by the incident.
If you received an email from [email protected] or another communication purporting to be from individuals associated with the FTX bankruptcy case, such as an email stating that withdrawals are now available on your FTX account, do not click on any links contained in such an email as it is part of a phishing scam and is not a genuine message sent from or on behalf of FTX or Kroll. Remember to check the original address of any email purporting to be sent on behalf of FTX or Kroll to confirm it is authentic by emailing or visiting the website listed below.
If you have any questions, receive suspicious communications, or wish to verify the authenticity of communications that are purported to be from individuals associated with the FTX bankruptcy case, please contact: [email protected]. In addition, information that you receive about the FTX bankruptcy case and/or your claim can be verified by visiting Kroll’s website at https://restructuring.ra.kroll.com/FTX/.
You should remain vigilant for incidents of fraud and identity theft by reviewing credit card account statements and monitoring your credit report for unauthorized activity.
Credit Reports. Under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going to www.AnnualCreditReport.com or by calling (877) 322-8228. You also may complete the Annual Credit Report Request Form available from the FTC at www.consumer.ftc.gov/articles/pdf-0093-annual-report-request-form.pdf, and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
You may contact the nationwide credit reporting agencies at:
| Equifax | Experian | TransUnion |
|---|---|---|
|
P.O. Box 105788 Atlanta, GA 30348 www.equifax.com (800) 525-6285 |
P.O. Box 9554 Allen, TX 75013 www.experian.com (888) 397-3742 |
P.O. Box 2000 Chester, PA 19016 www.transunion.com (800) 916-8800 |
Fraud Alert. You may place a fraud alert in your file by calling one of the three nationwide credit reporting agencies above. A fraud alert tells creditors to follow certain procedures, including contacting you before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit.
Credit Freezes: You may have the right to put a credit freeze, also known as a security freeze, on your credit file, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A credit freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a credit freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. Unlike a fraud alert, you must separately place a credit freeze on your credit file at each credit reporting company. Since the instructions for how to establish a credit freeze differ from state to state, please contact the three major credit reporting companies as indicated above.
You can obtain more information about fraud alerts and credit freezes by contacting the FTC or one of the national credit reporting agencies listed above.
Credit Freezes (for Massachusetts Residents): Massachusetts law gives you the right to place a security freeze on your consumer reports. A security freeze is designed to prevent credit, loans and services from being approved in your name without your consent. Using a security freeze, however, may delay your ability to obtain credit. You may request that a freeze be placed on your credit report by sending a request to a credit reporting agency by certified mail, overnight mail or regular stamped mail to the respective address indicated above.
Unlike a fraud alert, you must separately place a credit freeze on your credit file at each credit reporting company. The following information should be included when requesting a security freeze (documentation for you and your spouse must be submitted when freezing a spouse’s credit report): full name, with middle initial and any suffixes; Social Security number; date of birth (month, day and year); current address and previous addresses for the past five (5) years; and applicable fee (if any) or incident report or complaint with a law enforcement agency or the Department of Motor Vehicles. The request should also include a copy of a government-issued identification card, such as a driver’s license, state or military ID card, and a copy of a utility bill, bank or insurance statement. Each copy should be legible, display your name and current mailing address, and the date of issue (statement dates must be recent). If you have been a victim of identity theft, and you provide the credit reporting agency with a valid police report, the agency cannot charge you to place, lift or remove a security freeze. In all other cases, the credit reporting company may charge a reasonable fee of up to $5 to place a freeze or lift or remove a freeze.
You may contact the Federal Trade Commission (FTC) and State Attorneys General Offices. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should contact the FTC and/or your state’s attorney general office about for information on how to prevent or avoid identity theft. You can contact the FTC at: Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20508, www.ftc.gov, 1-877-IDTHEFT (438-4338).
If you are a Connecticut resident, you may contact and obtain information from your state attorney general at: Connecticut Attorney General’s Office, 165 Capitol Ave, Hartford, CT 06106, 1-860-808-5318, www.ct.gov/ag.
If you are a District of Columbia resident, you may contact and obtain information from your attorney general at: Office of the Attorney General for the District of Columbia, 441 4th Street, NW, Washington, DC 20001, 1-202-727-3400, www.oag.dc.gov.
If you are an Iowa resident, state law advises you to report any suspected identity theft to law enforcement or to the Iowa Attorney General, Consumer Protection Division, 1305 E. Walnut St., Des Moines, IA 50319, 1-888-777-4590.
If you are a Maryland resident, you can contact the Maryland Office of the Attorney General, Consumer Protection Division at: 200 St. Paul Place, Baltimore, MD 21202, www.oag.state.md.us, 1-888-743-0023.
If you are a Massachusetts resident, under Massachusetts law, you might have the right to obtain a police report filed in regard to this incident. You also have the right to request a security freeze, as described above. You may contact and obtain information from your state attorney general at: Office of the Massachusetts Attorney General, One Ashburton Place, Boston, MA 02108, 1-617-727-8400, www.mass.gov/ago/contact-us.html.
If you are a New Mexico resident, you have certain rights pursuant to the federal Fair Credit Reporting Act (FCRA). For more information about the FCRA, please visit www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reporting-act.pdf or www.ftc.gov.
If you are a New York resident, you can contact the New York Office of the Attorney General at www.ag.ny.gov, 1-800-771-7755; the New York Department of State, www.dos.ny.gov, 1-800-697-1220; and the New York Division of State Police, www.ny.gov/agencies/division-state-police, (914) 834-9111.
If you are a North Carolina resident, you can contact the North Carolina Office of the Attorney General, Consumer Protection Division at: 9001 Mail Service Center, Raleigh, NC 27699-9001, www.ncdoj.com, 1-877-566-7226.
If you are an Oregon resident, state law advises you to report any suspected identity theft to law enforcement or to the FTC.
If you are a Rhode Island resident, you have the right to obtain a police report. You also have the right to request a security freeze, as described above. You can also contact the Office of the Attorney General at: Rhode Island Office of the Attorney General, 150 South Main Street, Providence, RI 02903, http://www.riag.ri.gov/, (401) 274-4400 or file a police report by contacting (401) 444-1000.
If you are a West Virginia resident, you have the right to ask that nationwide consumer reporting agencies place “fraud alerts” in your file to let potential creditors and others know that you may be a victim of identity theft, as described above. You also have a right to place a security freeze on your credit report, as described above.