Kroll Hit with Class Action After Creditors Say Daily Phishing Followed Data Leak
Financial and risk advisory firm Kroll is facing a class-action lawsuit after creditors tied to the FTX, BlockFi and Genesis bankruptcy matters reported repeated phishing attempts that they say followed a prior Kroll data breach. The suit, filed on behalf of an FTX claimant, accuses Kroll of negligence tied to the incident and seeks both damages and fixes to the firm’s communications processes.
The complaint — brought by Hall Attorneys on behalf of plaintiff Jacob Repko and other affected creditors — argues that Kroll’s reliance on a single, email-based channel for claims outreach amplified the harm. According to the filing, weaknesses in Kroll’s claims-verification process contributed to delays and may have caused some creditors to lose funds, and the lawsuit asks the court to require operational changes in how Kroll communicates with claimants.
Background to the litigation dates to a cybersecurity incident first disclosed in August 2023, when Kroll acknowledged that an unauthorized actor accessed certain files related to bankruptcy claimants. Reporting at the time described a SIM-swap on a Kroll employee’s mobile account that was used to obtain cloud-stored claimant information — including names, email addresses, mailing addresses and some claim details — and warnings quickly followed about targeted phishing scams aimed at affected creditors.
Creditors and community advocates say the compromised information has been used to craft highly convincing scam emails. Activists and affected claimants posted screenshots showing repeated phishing messages that referenced recipients’ names and, in some cases, claimed balances — tactics that make fraudulent requests appear legitimate and have reportedly led to daily scam email reports among the creditor community. Security reporting and industry coverage from the incident’s aftermath documented these targeted phishing campaigns.
The class-action filing also comes amid earlier operational-security concerns at Kroll: the firm disclosed a separate breach in March 2025 that exposed certain client invoicing and accounts-payable information, prompting warnings that invoice-impersonation and related scams could follow. That March incident increased scrutiny of Kroll’s security practices as it continues to act as claims administrator for major bankruptcy estates.
The litigation arrives as the FTX bankruptcy process continues to move forward — including a court-authorized reduction in disputed-claims reserves that paved the way for a roughly $1.9 billion distribution to verified creditors scheduled to begin on September 30, 2025. Creditors and administrators have repeatedly cautioned claimants to rely only on official portals and authenticated communications when responding to notices or providing verification information.
What this means for affected creditors: the suit seeks monetary relief and changes to how Kroll communicates with claimants, while the broader series of incidents underscores the need for vigilance against phishing and other scams that exploit leaked personal or claims-related data. Impacted individuals are being advised to verify any outreach through official claims portals and to report suspicious messages to the relevant case administrators and law-enforcement authorities.
