Estonian authorities have leaked the emails of over 200 cryptocurrency trading firms. The country’s anti-money laundering bureau recently embarked on a campaign to gather more information on crypto trading platforms in a bid to fight money laundering. However, the bureau ended up negligently exposing the emails.
The bureau sent out a mass email to all crypto trading platforms requesting them to answer a number of questions and to provide operational data. It gave the companies four weeks to submit their responses. The exercise was mandatory for all firms, with the bureau stating that the exercise would enable it to fight money laundering more effectively.
However, in sending the mass email, the bureau didn’t take any measure to hide the emails. As BeInCrypto reports, this exposed the emails to all the recipients.
While the exercise by the bureau is provided for by the country’s Administrative Procedures Act, it goes against the European Union’s General Data Protection Regulation (GDPR). This regulation came into effect last year and demands that both public and private institutions must protect the data they handle and uphold privacy. The data leak by the Estonian bureau means it has broken the GDPR stipulations and could even lead to a lawsuit by the aggrieved parties.
The data leak is quite reminiscent of a similar incident by BitMEX, which accidentally divulged the data of at least 22,000 users. As CoinGeek reported earlier this month, the exchange blamed the leak on a bug on its systems. However, sources at the exchange revealed that the leak came about after one of the staff members sent a mass email without hiding the email addresses.
While the email leak doesn’t put the users’ assets at direct risk, it can still be used by malicious parties to target the users. This has already happened with the BitMEX leak. Ray Walsh, a digital security expert revealed that the email addresses from the leak have made their way to the dark web.
He stated, “Following the leak, BitMEX users did receive unusual emails and there seems no doubt that those emails were the result of the leak. It also appears that the leaked email addresses have already been sold on the dark web, meaning that very serious hackers will now be attempting to phish people’s passwords to steal crypto funds.”
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.