
Waltio Hit by a Data Breach and an Extortion Attempt

by v

On the night of January 21, the tax assistant Waltio fell victim to a data breach, quickly followed by an extortion attempt attributed to the hacker group “Shiny Hunters.” According to initial reports, nearly 50,000 users may be affected, while French authorities have launched an investigation. To what extent is the centralization of sensitive data justifiable when it becomes a prime target for cybercriminals?

The “Shiny Hunters” Behind the Extortion Linked to the Waltio Data Breach

On the night of January 21, the tax assistant Waltio reported that it had been informed of a data breach. French authorities have taken up the case and are investigating to determine the nature of the stolen data and identify the victims.

In a press release issued by Pierre Morizot, CEO of Waltio, we learn that the platform was attacked by a malicious actor and that the latter provided a sample to verify the authenticity of their claim.

According to a report in the newspaper Le Parisien, the notorious hacker group “Shiny Hunters” is believed to be behind this attack. They claim to be in possession of the personal data of nearly 50,000 customers (one-third of users), the majority of whom are located in mainland France.

It appears that the attacker contacted the company Waltio and is demanding a ransom. As soon as this message was received, incident management procedures were initiated. The company explains that it has hired external experts to “analyze the situation with the highest level of rigor.”

In a press release, the cybercrime unit (J3) of the Paris Public Prosecutor’s Office announced that it had entrusted the investigation to the National Cyber Unit of the National Gendarmerie (UNCyber).

Joint statement from the Paris Public Prosecutor’s Office and the Gendarmerie’s cyber unit on the Cybermalveillance website

According to Waltio, preliminary findings from the investigation indicate that the intrusion is no longer active and that all of the platform’s services are operating normally.

As for the data involved, the scope is limited to “the generation of 2024 tax reports, as of December 31, 2024,” according to the press release. This means that the user’s email address and data from the reports (gains, losses, balances) may be accessible.

By its very nature, Waltio’s tax assistant aggregates data from your accounts on trading platforms in order to analyze it and then calculate the amount of your taxable capital gains.

Pierre Morizot nevertheless clarifies, to reassure users, “that no data allowing access to your crypto-assets has been compromised.” Furthermore, he notes that the platform does not require any personal identification information (first name, last name, mailing address, phone number, date of birth).

The company explains that it is continuing its investigation by conducting a comprehensive review of its IT system’s history. A direct communication will be sent to potentially affected users, accompanied by “clear and actionable” recommendations.

Furthermore, Waltio announces that it is committed to reporting the incident to the CNIL and has filed a complaint through its attorney, Maître Romain Chilly, with Section J3 of the Paris Public Prosecutor’s Office.

The main risk: social engineering attacks

As stated in the press release, the main risk with this type of data breach is not the technical theft of funds. Attackers will prefer to exploit contextual elements to target victims with phishing or scam attempts.

They will use several cognitive biases to put you in a stressful situation and push you into making a mistake:

  • urging you to react quickly;
  • threat of financial loss;
  • impersonation of a legitimate figure;
  • fear of negative consequences;
  • social pressure…

Recommendations for cryptocurrency holders, available on the Cybermalveillance website

It is therefore particularly important to clearly identify who you are dealing with. You can verify the authenticity of a Waltio email using the security code at the bottom of the marketing emails the company sends. Waltio recommends checking that it matches the codes in your account.

It is also important to note that the company does not have your phone number or mailing address, so you will not receive any calls, text messages, or mail from them.

This incident is contributing to a growing climate of fear among cryptocurrency holders in France. Recently, cases of kidnappings, false imprisonment, and threats have been making headlines on a regular basis.

The centralization of sensitive information creates a single repository of data and constitutes a major vulnerability. The particularly long list of data breaches (including a number of public agencies) documented by the website bonjourlafuite for the year 2025 calls into question the legitimacy of certain agencies’ access to this type of data.

As ADAN explains, this data collection often stems from regulatory requirements; the substantial scope of this data processing must be reviewed to avoid creating new vulnerabilities.

No matter what protections are assigned to an IT system, it will always be vulnerable. Thus, to reduce the attack surface, the one and only solution seems to be data minimization: zero data, zero leaks.
