CoinFlip reports data breach caused by compromised employee email

GPD Holdings, which operates the brand CoinFlip reported a data breach after discovering that an employee email accounts had been infiltrated.

CoinFlip was subjected to a social engineering attack on August 7, 2023, with the attackers aiming to compromise an employee’s email account. Upon detecting the breach, CoinFlip acted to control the situation and engaged external forensic experts.

By September 21, 2023, CoinFlip's investigation concluded that an unauthorized entity had indeed breached their IT infrastructure and extracted specific data sets.

This compromised data encompassed

• consumer names,
• residential addresses,
• Social Security numbers,
• numbers from driver’s licenses,
• other government-issued IDs.

No details are available about the number of affected individuals.

On October 20, 2023, CoinFlip dispatched official breach notification letters to all identified victims, detailing the specific data related to them that was compromised.