Fiat-to-crypto payment gateway provider Transak has confirmed a security breach that exposed the personal details of 92,554 users. The incident, affecting 1.4% of Transak’s user base, occurred after attackers gained access to an employee’s laptop through a sophisticated phishing attack.

The company revealed that attackers used the compromised credentials to infiltrate the system of a third-party KYC (Know Your Customer) vendor that Transak relies on for document scanning and verification services. The attackers accessed sensitive customer data stored within the vendor’s dashboard, including names, dates of birth, user selfies, and passport and ID documents.

Transak said that no financially sensitive data—such as email addresses, phone numbers, passwords, credit card details, or Social Security Numbers—was exposed during the breach.