just got this email about an employee at Celsius

Edit: employee at customer.io, not Celsius. I misread, sorry!

We are writing to let you know that we were recently informed by our vendor Customer.io that one of their employees accessed a list of Celsius client email addresses held on their platform and transferred those to a third-party.

 

We do not consider the incident to present any high risks to our clients whose email addresses may have been affected but are releasing this communication to make sure you are aware.

 

We have been in ongoing communication with Customer.io. They have confirmed that no other Celsius-related data was compromised beyond those identified email addresses.      

 

To state clearly, Celsius’ systems and security had not been involved or impacted. Celsius’ robust security and data protection management, and our focus on protecting our clients’ data, remain intact.

 

Context

On 30 June 2022, Celsius identified that one of its vendors, Customer.io, had been involved with a data breach connected to OpenSea. Celsius proceeded to remove all data held with Customer.io. We quickly contacted Customer.io and they responded that, as of that time, no Celsius data had been involved in their breach. Celsius requested all details surrounding the incident.

 

On 8 July 2022, Customer.io informed us that one of their employees had accessed a list of Celsius client email addresses from Customer.io’s platform, along with lists from several of their clients, and transferred these lists to a third-party bad actor. Customer.io confirmed that, other than the identified email addresses, no other Celsius client data was accessed or taken by the employee.

 

Evidence of this incident has not yet been provided to us by Customer.io. 

    

Customer.io made a public statement on the matter

          

Further Information    

Celsius sees this as a severe violation of vendor-client relations, and we have notified the appropriate authorities. Again, we do not consider the incident to present any high risks to our clients whose email addresses may have been affected. Should you wish to contact us for further information regarding the incident, please contact our data protection officer, Charles Roberts, at [email protected] for further information.

              

Sincerely,

Celsius

 

View Source

14 thoughts on “just got this email about an employee at Celsius”

  1. So done with these guys. Most incompetent management ive ever seen it could be a fuckin comedy skit. Literally dropping the ball then tripping on that ball and shitting their pants on the floor from the impact

    Reply
  2. Email leaks might not seem like a big deal to the average user but IIRC that’s how a lot of Ledger owners were targeted with emails and sophisticated social engineering scams.

    Reply
  3. Celsius gave me such good vibes of professionalism and legitness. I was sure that itll be the next big one.

    All that evaporated in less than a month

    Reply
  4. So we know about them and unstoppable domains. I wonder who the other clients of customer.io whose records were leaked are.

    Reply

Leave a Comment