15th August 2023
As you may be aware, a number of users have received scam emails or texts purporting to be from Crowd2Fund, as part of a phishing attempt. These attempts by cybercriminals to commit fraud have unfortunately become common. We deeply regret to inform you that our administrative system recently experienced a security breach due to a vulnerability in a third-party marketing tool. We want to assure you that we take this matter seriously, and our utmost priority is safeguarding your personal information. We're writing to provide you with an update on the situation and the proactive steps we've taken to address it.
Swift Response and Mitigation
Upon discovering the breach, our dedicated team acted swiftly to contain the situation and secure our platform. The hackers had limited access for less than an hour before we successfully locked them out. While they managed to conduct two spam email campaigns and an SMS campaign, they were unable to export personal data due to our system's security measures.
Data Exposure and Access
We want to be candid about the extent of the breach. The hackers gained access to view certain non-sensitive information, such as names and preferred communication methods. Although the hackers had the potential to access individual profiles, the complexity of our system and their brief access window make it highly unlikely that any meaningful data was compromised. As the system does not allow export of data, the hackers would have needed to manually screenshot data across multiple layers, category by category, an intricate process that would have been near-impossible given the volume of accounts and the limited time they had.
Reinforcing Security Measures
We've taken immediate action to bolster our security protocols. The third-party marketing tools have been secured, and all connections have been reset. Our ongoing monitoring of the situation remains vigilant to ensure your safety.
Ongoing Investigation and Transparency
Our comprehensive investigation is ongoing. The Litherium wallet linked to the phishing campaign has shown no signs of suspicious activity. Rest assured, we are committed to sharing timely updates as we gather more information.
Compliance and Reporting
In full compliance with regulatory standards, we've reported the incident to the Financial Conduct Authority (FCA) and submitted a detailed report to the Information Commissioner's Office (ICO). These steps underscore our unwavering commitment to upholding data protection and compliance.
Our Pledge to You
We understand the concern and frustration this incident may have caused. Please know that your security and trust are paramount to us. The swift and strategic response of our dedicated development team played a crucial role in minimizing potential damage. Crowd2Fund stands firm in our dedication to providing a secure and seamless investment experience. We will keep you informed throughout our investigation, ensuring transparency at every stage.
Apology and Support
We deeply apologize for any disruption or worry this incident may have caused you. Please remain assured that your personal information's security remains our top priority. While we strive to prevent such occurrences, we encourage you to remain cautious when interacting with online communications.
Your Questions and Concerns
We understand that you may have questions or concerns. Our support team is available to address any inquiries you may have. Your trust is invaluable, and we are here to provide the answers you seek. Please reach out to us at support@crowd2fund.com or info@crowd2fund.com for any further questions.
We genuinely appreciate your understanding and patience during this challenging time. Your confidence in us drives our determination to enhance our security measures and ensure your experience remains positive and secure.
