Kroll, a financial and risk advisement firm, has become embroiled in class-action litigation after a data breach revealed sensitive creditor information related to FTX, BlockFi and Genesis.
The lawsuit was filed in a U.S. district court by Hall Attorneys on behalf of FTX customer Jacob Repko and other similarly situated individuals, alleging negligence on Kroll’s part.
The action comes as creditors grow increasingly displeased, continuing to receive fraudulent emails nearly one year later.
Phishing Attacks Fuel Growing Security Concerns
The lawsuit explains how Kroll, by utilizing email-only communication, created a flimsy security infrastructure that hackers took advantage of to manipulate verification processes.
Consequently, some creditors had their claims delayed and, in some cases, lost money.
One high-profile creditor, Sunil Kavuri, identified the problem yesterday, on Aug. 22, on X, and created a thread with screenshots of the daily phishing attempts pouring in, including phishing emails that contained his personal identity information.
Other creditors confirmed receiving identical fraudulent emails, indicating the extent of the entire incident.
The goal of the lawsuit is to obtain damages and to require Kroll to upgrade its procedures for contacting creditors so that creditors are protected from falling victim to fraudulent email requests.
Legal Action Seeks Accountability and Compensation
Nicholas Hall, the lawyer bringing the lawsuit, said eligible creditors may get monetary resolution if the case goes well.
The suit aims for more than financial resolution, including holding Kroll accountable for its alleged mishandling of creditor data, and changing operations to prevent/actions.
Hall, who also runs the FTX Claims website, has been working with creditors for a while as they navigate the claims process for bankruptcies.
While all of that has been happening, creditors are still vulnerable, being targeted with phishing campaigns several months after the breach.
The lawsuit is an important moment in deciding how companies like Kroll can be held accountable for protecting sensitive client information.
Reimbursement Updates and Restricted Claims Complicate the Case
The lawsuit arrives at a critical juncture in FTX’s Chapter 11 bankruptcy case, as it plans to begin its third round of distributions to companies owed by FTX, $1.9 billion in total, scheduled for September 30.
Of the $1.9 billion owed, it is likely that creditors in jurisdictions restricting FTX, such as China and Russia, will not receive payment, UnoCrypto reported.
UnoCrypto reported in July that $470 million of FTX claims remained restrained by court order and that around 80% of those particular creditors looking for payment were Chinese.
These legal and regulatory factors add layers of complexity to the ongoing process of reimbursing FTX creditors, further compounded by an increasing total of $11 billion in allowed claims.
Disputes over KYC and claims in 49 jurisdictions with restricted distribution cause further delays to the distribution of payments.
Ongoing Security Issues Heighten Risks for Creditors
The lawsuit is not the first time Kroll has come under public scrutiny for cybersecurity lapses.
In March 2024, yet another data breach supposedly struck Kroll, exposing data concerning client invoicing, accounts payable, and some email addresses to malicious actors.
Earlier this August, UnoCrypto reported that security experts had warned creditors of the return of scams involving SIM-swap attacks in which hackers could steal the phone numbers of their victims.
As creditors wait to receive additional rounds of reimbursement, the case against Kroll highlights the increased need for further protections and accountability in the handling of sensitive financial files.

