Security Incident

We were recently informed that on Saturday, August 19, 2023, a cyber threat actor targeted a T-Mobile US., Inc. account belonging to a Kroll employee in a highly sophisticated “SIM swapping” attack. Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor's phone at their request. As a result, it appears the threat actor gained access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis. Immediate actions were taken to secure the three affected accounts. Affected individuals have been notified by email. 

We are cooperating with the FBI and a full investigation is underway. We have no evidence to suggest other Kroll systems or accounts were impacted. 

Please be advised that Kroll Restructuring Administration will never ask or require you to do any of the following in connection with the processing of bankruptcy claims or the distribution of assets: 

• Link a cryptocurrency wallet to a website or application 
• Provide your seed phrase or private keys 
• Download any software or use a particular wallet application 
• Provide your password over email, text message or over the phone 
• Provide personal identifying information, such as your birthday or social security number, over email, social media or in any manner other than as described in a Court-approved process posted to Kroll Restructuring Administration’s case website or the Court’s docket 

Across our firm, we continue to prioritize data security and information protection. We deeply regret any inconvenience or concern this situation may have caused and we will continue to prioritize the safety and trust of our clients, partners and community.