Sumsub identified a security incident involving unauthorized activity associated with a limited number of customer accounts.
Based on information currently available, Sumsub’s investigation indicates that in July 2024 an external threat actor submitted a malicious attachment via a third-party support ticketing platform, which enabled limited unauthorized access to a support-related internal environment.
As a result, limited personal data may have been exposed. The data known to have been exposed primarily consisted of names. A smaller subset of records also included email addresses or phone numbers, either on their own or, in some cases, in combination. Based on the investigation, biometric data, identity document images, bank account or payment details, government-issued identification information, or other higher-risk personal data were not accessed or compromised.
The unauthorized activity was confined to a support-related internal environment and did not affect Sumsub’s live identity verification workflows, customer-facing APIs, or core production systems. There is no evidence that the threat actor resumed unauthorized activity beyond the timeframe of the incident, and we have not detected any indicators of ongoing unauthorized activity after July 2024.
The unauthorized activity was detected retrospectively during a security review conducted in January 2026. Sumsub continues to assess the factors contributing to the timing of discovery as part of its ongoing investigation.
Upon discovery, Sumsub immediately initiated its incident response procedures, engaged independent forensic experts, and notified affected customers directly. The investigation remains ongoing, with internal and external cybersecurity specialists supporting forensic analysis, validation, and continued monitoring.
Following discovery, Sumsub has taken and continues to take further steps to strengthen its security controls. These include enhanced threat protection, revisions to access controls for technical support personnel, and enhancements to monitoring and incident detection capabilities.
As a part of its ongoing security program, Sumsub continues to strengthen its broader security posture across its environment. This ongoing work spans endpoint protection, data loss prevention controls, monitoring and logging capabilities, continuous security operations coverage, vulnerability scanning, and regular penetration testing and bug bounty programs. Sumsub also undergoes regular independent security audits and assessments, including SOC 2 Type II, ISO/IEC 27001, and ISO/IEC 27017 / 27018.
Sumsub takes the protection of personal data very seriously and regrets any impact and concern caused. The company remains committed to transparency and will provide updates as appropriate based on the outcome of its ongoing investigation.
Note to clients
Customers who may have been affected by this incident have been notified directly through their respective customer support teams. Customers who have not been contacted are not impacted by this incident.
Contacts
If you have questions, please contact Sumsub at [email protected]