On April 17, 2024, Stretto became aware of unauthorized access to a single employee’s account after the employee fell victim to a “smishing” attack (a phishing attack conducted via SMS, or text message). Stretto immediately disabled all access by this account to Stretto systems, including all internal networks and any third-party software applications utilized by Stretto, and changed system passwords for the account.
Stretto engaged third-party cybersecurity specialists, alerted the FBI, and conducted a thorough and detailed investigation of the incident. Following an exhaustive review, Stretto determined that the unauthorized access was limited to personal information of certain creditors in the following cases: Celsius Network LLC, Core Scientific Specialty Mining, Prime Core Technologies, and Voyager Digital.
Stretto is committed to protecting our clients’ data by prioritizing security protocols and procedures and will continue to reinforce employee training regarding recognizing and avoiding phishing attacks. Stretto has also compiled consumer protection resources to help creditors better identify and protect against these bad acts. We regret any inconvenience this incident may have caused our clients or creditors.
