Important update from Coinmama

Dear customers,

On Sunday, February 17, we learned that an unauthorized party acquired data associated with 1.4 million Coinmama accounts. This information follows our internal investigation into a large breachthat has affected 30 companies and 841 million users.

We’re taking this incident extremely seriously, and want to give an overview of what it means for our customers, as well as the immediate actions we’re taking to protect people’s security.

What happened

In order to sell cryptocurrency, we are required by regulation to collect certain personal information from our customers, including name, address, email, gender and ID number. From some of our customers we are also required to collect images and copies of documents, including government issued IDs. We do not store or record any credit card information, nor do we hold any customer funds.

On February 17, during an ongoing investigation of a financial fraud incident that occurred in December 2018, we found evidence that an unauthorized party acquired data of our customers, including their personal information as mentioned above.

As of February 20, 2019, there has been no evidence of this information being used by perpetrators.

What we are doing

In light of this new evidence, we immediately expanded our investigation efforts, working closely with several leading security experts to determine the scope of the incident.

Second, we are devoting all resources necessary to accelerate the ongoing security enhancements to our systems. We are working diligently to protect people’s privacy, including:

Email notification . We began sending emails on a rolling basis on February 15, 2019 to affected customers.

Password reset . Since February 15, we started expiring the passwords of customers’ accounts. We recommend that you set a new password, and change it on any other service using the same credentials (email and password).

Law enforcement . We have reported this incident to law enforcement authorities and will continue to support their investigation.

Data protection authorities . We are notifying the applicable regulatory authorities of this matter.

Monitoring. We are taking additional measures to monitor any suspicious activity relating to our customers’ accounts.

Third, we have also established a dedicated support team to answer your questions 7 days a week. If you have questions about this incident, contact privacy@coinmama.com. You can also contact our designated DPO, Yaki Oliel, at dpo@coinmama.com. For other support issues, contact support@coinmama.com. We may experience high volume initially, and appreciate your patience.

What you can do

Cyber crime is a growing threat that affects billions of people worldwide and presents a daily battle for companies, across all industries. Below are some additional steps you can take to protect your privacy online:

Be vigilant against third parties attempting to gather information by deception (commonly known as “phishing“), such as suspicious emails or links to fake websites.

Use strong passwords and do not use the same passwords for multiple accounts (for best practices about creating secure passwords, click here).

Make a habit of reviewing your accounts for suspicious activities from time to time.

If you believe you are the victim of identity theft or that your personal data has been misused, immediately contact your national data protection authority or local law enforcement.

If you are a resident of the United States: given the applicable regulations that apply in each state, click here to learn more on actions you can take.

We will continue to update this blog post as our investigation progresses.