May 3, 2020
On April 18, 2020, an unauthorized external party briefly accessed Etana Custody’s client user interface. This triggered Etana’s internal security systems, including its internal protocols with respect to client transfer requests and Etana neutralized the breach. This prevented any impact on client assets or securities, including fiat or digital currencies, as well as stopped any unauthorized withdrawals or transfers. In total, 838 clients were impacted, and it is possible that names, email addresses, physical addresses, and phone numbers may have been viewed during this period. Additionally, four clients may have also had driver’s license numbers, government-issued identification numbers, or passport numbers that were viewed. All of our impacted clients have now been notified and are taking appropriate precautions. It is important to note that Etana does not collect or process the credit card information of any of its clients.
Etana takes our commitment to our client’s privacy and security extremely seriously and regrets any concern that this has caused our trusted customers. We have taken numerous proactive steps to address this issue going forward, including:
- All API and Gateway tokens have been reset and Etana has notified its technology vendors and partners.
- Etana has issued a security patch on its internal client interface to prevent future breaches.
- Etana has completed an internal review of security protocols and all employees have been retrained on security policies and procedures.
- Etana has expedited the launch date of a new technology stack which will further reinforce our security procedures.