Japan-based cryptocurrency exchange Quoine has been fined $67,000 for breaching customer data of over 650,000 customers in what appears to be the first breach of the Personal Data Protection Act (PDPA) involving a crypto firm. Quoine, which operates crypto exchange Liquid, collected and stored data for know-your-client (KYC) checks. Quoine Fined For Breaching Over 650,000 Customers’ Data According to a report from the Straits Times, the stolen data included full names, addresses, e-mail addresses, and phone numbers, including documents such as photos and scans of NRICs and passports. Transaction information and bank account details were also leaked. The customer data breach occurred in November 2020 after a staff member at a third-party domain provider engaged by Quoine fell for a social engineering attack and incorrectly transferred control of the domain hosting account to the culprit. Even though the initial breach occurred at the company’s third-party domain provider, the Personal Data Protection Commission Singapore (PDPC) found that Quoine bore responsibility for the poor security of the DevOps account. “The organization suggested that the DevOps account’s security risk profile had not been assessed, probably due to its intended use as an automation account. This was not accepted,” the commission said. “The organization is not exempted from assessing the security implications and risks of the DevOps account simply on the ...
