NICEX UAB, legal entity number: 306139390, registered office address: Juozo Balčikonio g. 3, Vilnius, Lithuania, as the Data Controller is writing to inform its former users of the personal data breach that occurred at one of its KYC service provider, which performed the service of client identification and verification for NICEX UAB.
Being concerned about your security and privacy, and to lessen any negative effects of the incident, NICEX UAB has reported it to the Lithuanian supervisory authority, State Data Protection Inspectorate.
COURSE OF THE INCIDENT
In July 2024 an external threat actor submitted a malicious attachment via a third-party support ticketing platform which enabled limited unauthorized access to a support-related internal environment of the KYC service provider. The unauthorized activity was detected retrospectively during a security review conducted in January 2026.
Upon discovery, the KYC service provider immediately initiated its incident response procedures and notified affected customers directly, whereas NICEX UAB was informed on February 4, 2026.
The investigation remains ongoing, with internal and external cybersecurity specialists supporting forensic analysis, validation, and continued monitoring.
TYPE AND SCOPE OF DATA
PERSONAL DATA AFFECTED BY THE BREACH
The incident has been classified as a breach of confidential information and the risk is that the data compromised could be accessible to unauthorized persons.
However, limited personal data have been exposed. The data known to have been exposed primarily consisted of names. A smaller subset of records also included email addresses or phone numbers, either on their own or, in some cases, in combination.
Based on the investigation, biometric data, identity document images, bank account or payment details, government-issued identification information, or other higher-risk personal data were not accessed or compromised.
POSSIBLE CONSEQUENCES OF THE BREACH
It is possible, but unlikely, that you will encounter noteworthy inconveniences, which may include, for example:
NICEX UAB has not received any information about negative effects related to the incident in question. Nevertheless, it is recommended that you take necessary safety measures.
HOW CAN YOU PROTECT YOURSELF?
Considering the above information, it is our duty to recommend that you remain vigilant about the use of your personal data and do not respond to unsolicited emails, messages or phone calls, even if they are highly personalized and convincing and/or claim to be a legitimate service that you use.
Your most effective way to protect your privacy is to take the following steps:
HOW DID WE SECURE YOUR DATA AFTER THE BREACH?
As the breach did not occur at the Data Controller, NICEX UAB, but rather at the KYC service provider, NICEX UAB did not implement additional data-security measures itself. However, the former KYC service provider did undertake a thorough analysis and enhance its security measures to prevent any further security incidents.
NICEX UAB sincerely regrets this unforeseen event and extends its apologies to all former users for any inconvenience caused.
Should you have any questions or require further assistance regarding the incident, please contact us via email: [email protected].