15th August 2023
As you may be aware, a number of users have received scam emails or texts purporting to be from Crowd2Fund, as part of a phishing attempt. These attempts by cybercriminals to commit fraud have unfortunately become common. We deeply regret to inform you that our administrative system recently experienced a security breach due to a vulnerability in a third-party marketing tool. We want to assure you that we take this matter seriously, and our utmost priority is safeguarding your personal information. We're writing to provide you with an update on the situation and the proactive steps we've taken to address it.
Upon discovering the breach, our dedicated team acted swiftly to contain the situation and secure our platform. The hackers had limited access for less than an hour before we successfully locked them out. While they managed to conduct two spam email campaigns and an SMS campaign, they were unable to export personal data due to our system's security measures.
We want to be candid about the extent of the breach. The hackers gained access to view certain non-sensitive information, such as names and preferred communication methods. Although the hackers had the potential to access individual profiles, the complexity of our system and their brief access window make it highly unlikely that any meaningful data was compromised. As the system does not allow export of data, the hackers would have needed to manually screenshot data across multiple layers, category by category, an intricate process that would have been near-impossible given the volume of accounts and the limited time they had.
We've taken immediate action to bolster our security protocols. The third-party marketing tools have been secured, and all connections have been reset. Our ongoing monitoring of the situation remains vigilant to ensure your safety.
Our comprehensive investigation is ongoing. The Litherium wallet linked to the phishing campaign has shown no signs of suspicious activity. Rest assured, we are committed to sharing timely updates as we gather more information.
In full compliance with regulatory standards, we've reported the incident to the Financial Conduct Authority (FCA) and submitted a detailed report to the Information Commissioner's Office (ICO). These steps underscore our unwavering commitment to upholding data protection and compliance.
We understand the concern and frustration this incident may have caused. Please know that your security and trust are paramount to us. The swift and strategic response of our dedicated development team played a crucial role in minimizing potential damage. Crowd2Fund stands firm in our dedication to providing a secure and seamless investment experience. We will keep you informed throughout our investigation, ensuring transparency at every stage.
We deeply apologize for any disruption or worry this incident may have caused you. Please remain assured that your personal information's security remains our top priority. While we strive to prevent such occurrences, we encourage you to remain cautious when interacting with online communications.
We understand that you may have questions or concerns. Our support team is available to address any inquiries you may have. Your trust is invaluable, and we are here to provide the answers you seek. Please reach out to us at firstname.lastname@example.org or email@example.com for any further questions.
We genuinely appreciate your understanding and patience during this challenging time. Your confidence in us drives our determination to enhance our security measures and ensure your experience remains positive and secure.
Past performance and forecasts are not reliable indicators of future results. Your capital invested is not covered for compensation in the event of a loss by the FSCS. Tax treatment will depend on the individual circumstances and may be subject to change. Please see our Risk section before making an investment decision.