On September 15, 2017 we learned that an unauthorized third party had accessed the personal information of some coincafe customers. We immediately began an investigation and consulted a leading computer forensics firm. Our investigation determined that the third party likely gained access to the information in a previously-identified incident that took place on April 11, 2014.
On September 29, 2017 we learned that the third party had contacted some of our customers claiming to have access to their personal information and requesting payment to erase their information. We do not recommend payment of any ransom.
Our investigation determined that the third party had access to some customer personal information provided to us from the company’s inception in January 2014 through April 11, 2014. Information in our possession at that time, including customers’ names, addresses, and ID documents (driver’s license, passport or other uploaded information) may have been accessed. We have no evidence that any coincafe wallet was compromised or is at risk of compromise.
We have reported the theft of information and the demands for payment to law enforcement, and will cooperate with their investigation.
Although we have no evidence that the information was misused in any way, we want to assure you that we take the privacy and security of our customers’ information very seriously. In the years since 2014, we have taken substantial steps to strengthen the security of coincafe’s systems to help prevent a similar incident from happening in the future.
Customers who may have had personal identification documents compromised will receive a separate communication from us.
We sincerely regret any inconvenience or concern this incident may cause a small subset of our earliest users. If you have any questions, please feel free to reach us at [email protected] or +1 (347) 454-2646.