Sumsub, a cornerstone in identity verification, has published an update regarding a security incident that has raised alarm among its customer base. The company disclosed that it identified unauthorized activity linked to a small number of customer accounts, stemming from an event that occurred in July 2024.
"In July 2024, an external threat actor submitted a malicious attachment via a third-party support ticketing platform which enabled limited unauthorized access to a support-related internal environment," said a spokesperson from Sumsub. The incident highlights the risk carried by third-party services: here, a malicious attachment submitted through an external support ticketing platform led to access to an internal environment.
While this breach led to the exposure of some personal data, the scope remained limited. Known exposed data included names and, in fewer cases, email addresses or phone numbers. "Based on the investigation, biometric data, identity document images, bank account or payment details, and government-issued identification information were not accessed or compromised," the spokesperson confirmed.
Crucially, Sumsub assured its users that the unauthorized activity did not disrupt any of its live identity verification processes or customer APIs. "There is no evidence that the threat actor resumed unauthorized activity beyond the timeframe of the incident," they added, instilling some confidence among affected users.
The unauthorized activity was discovered retrospectively during a comprehensive security review conducted in January 2026. Sumsub stated, "We continue to assess the factors contributing to the timing of discovery as part of our ongoing investigation." This retrospective discovery underscores the importance of regular security audits in identifying potential vulnerabilities.
Once the incident came to light, Sumsub swiftly activated its incident response protocols. The company engaged independent forensic experts and proactively informed customers who may have been affected. "The investigation remains ongoing, with internal and external cybersecurity specialists supporting forensic analysis, validation, and continued monitoring," Sumsub affirmed.
In response to this incident, Sumsub has embarked on a multi-faceted strategy to bolster its security measures. These enhancements include improved threat protection and tighter access controls for technical support personnel. "We continue to strengthen our broader security posture across our environment," the spokesperson added.
Sumsub's ongoing security program encompasses a variety of measures aimed at safeguarding client data. These include improvements in endpoint protection, data loss prevention controls, and incident detection capabilities. The firm also conducts regular independent security audits and assessments, including SOC 2 Type II and ISO certifications, to ensure the continual improvement of its security framework.
The seriousness with which Sumsub approaches data protection is evident. "We take the protection of personal data very seriously and regret any impact and concern caused," the spokesperson stated. The company's commitment to transparency is clear, as it pledges to keep stakeholders informed with updates pertinent to the investigation's findings.
Customers potentially impacted by this incident were notified directly through their respective support managers. Importantly, clients who have not been contacted have not experienced any adverse effects from the incident. For any inquiries, Sumsub has encouraged affected individuals to reach out via their support channels.
This incident serves as a reminder of the ongoing challenges in maintaining cybersecurity, especially in an era where digital interactions are prevalent. As Sumsub continues to refine its security measures following this breach, one thing is clear: vigilance and adaptability will remain pivotal in navigating the ever-evolving landscape of cybersecurity threats.

