Radix released an announcement via email at 6:04 PM EDT today, just moments ago. Active Campaign, L LC was breached by an unknown third party.
At risk is personal information that is held by Active Campaign LLC for Radix and other clients.
Here is the exact email I received from Radix Data Protection Officer, Lindsay Bracegirdle:
We are writing to you to inform you that our service provider Active Campaign LLC has made us aware of their systems being accessed by an unauthorized third party who has gained access to personal data which is held by that company on our behalf. This email is in accordance with our internal commitment to the highest standards of personal information security and our obligations pursuant to DATA PROTECTION (Jersey) LAW 2018 AND Article 34 of the GENERAL DATA PROTECTION REGULATION (GDPR)
Active Campaign LLC contacted us on March 14th, 2022, to inform us they were investigating suspicious activity. On March 15th, 2022, Active Campaign notified us that they believed there had been a security incident that had resulted in access to personal data we hold relating to you by an unauthorized third party.
The consequence of this breach is that the following fields of personal information which is held by ACTIVE CAMPAIGN LLC on our behalf has been compromised and maybe in the hands of bad actors. This may result in an increased risk to you of phishing attacks or the use of this information to secure further unauthorized access to your personal data on other systems. Due to the nature of our industry, you are at a heightened risk of phishing attacks attempting to gain access to crypto wallets you may own and/or access.
We continue to work with ActiveCampaign and we are satisfied that the steps that Active Campaign LLC has taken have secured their systems and the risk of further breaches has been mitigated.
There is no evidence that Radix Tokens (Jersey) Limited or RDX Works Limited systems have been compromised but we will be conducting detailed security reviews of all of our systems over the next week.
Personal data that you have provided us in the below categories, may have been exposed to bad actors.
- All users: Email address, Name
- Additional information submitted by some users: Phone Number, Location (City/Country) Job Title, Company, estimated token sale amount, if you identify as a developer, if you identify as a node runner, LinkedIn Profile, GitHub Profile.
You should immediately change all security passwords that use or are associated with the data that may have been accessed.
It is also recommended that you remain vigilant with your personal data security and be extra sensitive to any contact by e-mail, telephone, social media, or any other communication channel which uses or references any of the potentially compromised data to secure your trust.
We recommend that you use a password manager that enforces strong, unique passwords, always use 2-factor authentication.
Neither Radix Tokens (Jersey) Limited nor RDX Works will ever ask you for your seed phrase or wallet passwords, and you should never reveal this information to any third party.
We are very sorry for the inconvenience and concern this may have caused and want to reassure you that we remain committed to the responsible safeguarding of our users’ personal data.
We have informed the Jersey Office of the Information Commissioner and are continuing with further investigation into the unauthorized access to the Active Campaign LLC systems and our account with them.
For further information, and any potential updates, you may contact our Data Protection Officer, Lindsay Bracegirdle at firstname.lastname@example.org.Additional information and any potential updates can also be obtained at: https://www.radixdlt.com/data-breach-march-2022.