Stretto legal services hit by phishing attack exposing data of customer companies

Stretto Inc., a legal services provider for large Chapter 11 bankruptcy cases, has been hit by a phishing attack that compromised customer information for Celsius Network LLC and three other companies including Voyager crypto exchange.

The breach was discovered on April 17, 2023. Stretto took action to protect its systems and initiated an investigation. The company informed Celsius and its customers of the potential compromise but delayed notifying other affected creditors and overseeing judges until the full scope of the breach was understood.

The breach impacted data of creditors involved in the bankrupt crypto lender Celsius, as well as other firms receiving bankruptcy administrative services from Stretto. Approximately 104,000 Celsius creditors had their names and contact information exposed. About 30 Celsius creditors had sensitive personal information, such as Social Security numbers, compromised.

During a hearing in New York, it was revealed that Stretto had not informed judges of the other affected companies' bankruptcies, prompting criticism from the judge who oversees the Celsius bankruptcy.

No other details about the attack and impacted individuals of other companies is disclosed.