Transmit Security, Authentication Company Used by Banks, Hacked

The breach impacted email addresses, passwords, phone numbers, and other sensitive information, according to a breach notification obtained by Motherboard.
February 25, 2020, 4:45pm
Piggy banks.
Image: PM Images

This week a cybersecurity company called Transmit Security, that focuses on providing corporate clients with tools to securely log users into different services, notified customers of a data breach at the firm. The breach impacted over a thousand email addresses, passwords, phone numbers, and other sensitive information.

Transmit Security works with a number of large banks, including TD Bank and the First International Bank of Israel.

The customer notification message says that a security researcher contacted some of Transmit Security's customers on Monday and reported unauthorized access to the data, according to a copy of the message obtained by Motherboard.

Did you receive the Transmit Security breach notification? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

"Based on information provided by the researcher it seems that the attackers gained access to NextCloud, a file sharing support-system through which Transmit distributes mainly binaries to customers," the message reads. Transmit Security has shut down its NextCloud system in response, the message adds.

As well as the email addresses and personal information, the breach also impacted source code, binaries and emailed communications shared between Transmit Security and clients, the message adds. The message said that application and customer data from clients themselves is not affected.

Transmit Security did not immediately respond to a request for comment.

Transmit Security left stealth in 2017 with $40 million in self-funding.

Subscribe to our cybersecurity podcast, CYBER.

This article originally appeared on VICE US.