Estonian authorities have negligently leaked the email addresses of more than 200 cryptocurrency trading service providers. The personal data breach follows an effort by the nation’s anti-money laundering bureau to gather information on Estonia’s crypto-asset industry.
The agency, part of the Estonian Police and Board Guard Board, sent out a mass email demanding companies submit detailed information about their businesses. However, it neglected to hide the email addresses of the other recipients. The incident is much like, but smaller in scale, to that of the BITMEX user email address leak just a few weeks ago.
The email itself, seen first by BeInCrypto Russia, asks its recipients to provide detailed answers to a series of questions along with other data relating to the operation of the business. Firms are given four weeks to submit the responses and participation is mandatory, as per Article 20 of Estonia’s Administrative Procedures Act. The reason cited for the information request is to help the agency protect against money laundering and combat the financing of terrorism.
Despite the fact that the email is clearly an effort to encourage cryptocurrency companies to abide by existing regulations, the legality of the request is under question thanks to the leak. As a member of the European Union, Estonia is subject to the EU’s General Regulation on Personal Data Protection (GDPR).
Intended to provide citizens control over their personal data, GDPR requires the confidentiality of certain information to be respected. Clearly, this latest example of an email address leak fails to satisfy this.
The Estonia email address leak is the second time such an incident has occurred this month in the cryptocurrency industry.
As BeInCrypto previously reported, leading Bitcoin derivatives exchange BitMEX recently inadvertently shared a huge number of its own customers’ email addresses by also failing to hide them when sending a mass email. This caused some commentators in the crypto-asset industry to question the competency of the platform.
— Matt (@Vanalli) November 1, 2019
Just like law enforcement agencies and cryptocurrency exchanges, traditional finance is also no stranger to such data breaches. Last month, Italian bank UniCredit revealed a leak that exposed three million customers’ personal data. Although the security compromise did not involve any financial data, individuals’ names, telephone numbers, email addresses, and other information were compromised.
Images courtesy of Twitter, Shutterstock.
Did you know you can trade sign-up to trade Bitcoin and many leading altcoins with a multiplier of up to 100x on a safe and secure exchange with the lowest fees — with only an email address? Well, now you do! Click here to get started on StormGain!
