In the announcement, QuickBit revealed that personal data such as names, addresses, email addresses and card information of 2% of its customers was exposed. QuickBit said that no passwords or social security numbers, complete account or credit card information, cryptocurrency or private keys, or financial transactions were exposed or affected.
QuickBit initially published its suspicions about the data incident on July 19, stating that their internal investigation indicated that neither QuickBit nor the company's customers had been affected. Later that day, the exchange’s managing director Jörgen Eriksson wrote that external security experts warned the company that some data had been poorly protected.
In today’s announcement, the exchange explained how the database was exposed:
“QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBits firewall for a few days, and thus accessible to the person who has the right tools.”
QuickBit further claims that its technicians have taken steps to ensure that all servers are protected and prevent the possibility of similar incidents, adding that it will publish a public version of the incident report on its website.
In late June, South Korean crypto exchange Bithumb was prosecuted for its alleged failure to take adequate measures to protect personal information, which was later presumably exploited by hackers to steal funds from the platform. Prosecutors alleged the data breach led directly to the second hack affecting the platform, in which almost $7 million in user funds was stolen.