KYC Is Bad!

Over the past few years more than 600,000 people have had their personally identifying information leaked. This information was provided to companies for KYC/AML purposes, but was retained and mishandled leading to the KYC documents being exposed.

KYC documents may include the user’s full names, home addresses, phone number, passport, photo, driving license, DOB, wallet addresses, balances, transactions, and IP address.

These leaks put the users in danger and could face the threat of violence and robbery following these “doxing” events. Some victims have reported being threatened via phone and email.

Incidents

Entity Date Users Affected Data Leaked Source
Tokensoft 12-Nov-2022 5k full name, wallet address, home address Link
Celsius 07-Oct-2022 600k full name, wallet addresses, balances, transactions Link
Digitex 29-Feb-2022 8k passport, driving license, home address, phone number, IP address Link
Binance 07-Aug-2019 10k full name, photo, driving license, passport Link
DADI ICO 12-Mar-2018 unknown full name, home address, DOB, photo Link
Bittrex Dec-2017 unknown full name, photo, passport Link

Non-KYC Incidents