{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreibaslrijznk6r7vsr2kcgq273ko6iwmdoa7ccbz552c74qk2fxbk4",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3meitr74bn6f2"
},
"path": "/t/sumsub-european-kyc-third-party-company-suffers-a-data-leak/35360#post_1",
"publishedAt": "2026-02-10T09:58:13.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"Fincrime Central – 6 Feb 26",
"The Sumsub Incident and the Future of Cloud Compliance - Fincrime Central",
"Sumsub",
"Security Incident Update | Sumsub"
],
"textContent": "Fincrime Central – 6 Feb 26\n\n### The Sumsub Incident and the Future of Cloud Compliance - Fincrime Central\n\nThe Sumsub security incident demonstrates the inherent data breach risk when using third party cloud providers for identity verification and transaction monitoring services.\n\n**TL;DR:**\n\n> _**Sumsub identified a security incident in early 2026 involving unauthorized activity that originated from an external threat actor who submitted a malicious attachment through a third-party support ticketing platform in July 2024. […] While the company confirmed that identity document images and bank details remained secure, the exposed data included names, email addresses, and phone numbers for a specific subset of accounts.**_\n\n> _The discovery of this intrusion occurred retrospectively during a routine security review, leading to immediate incident response and direct notification to all affected customers through their support manager_ **- FIN CRIME CENTRAL**\n\nSumsub is “trusted third party” that verifies the identity of millions of internet users via banks, fintech, crypto, gambling…\n\nUnfortunately, I can’t find any mainstream English news sources reporting on this issue. The only recognizable English source reporting on it is Sumsub’s own blog post, which, of course, is biased.\n\nSumsub\n\n### Security Incident Update | Sumsub\n\nSecurity Incident Update",
"title": "Sumsub, European KYC third party company, suffers a data leak."
}