Business Sandesh Indian Newspaper | Articles | Opinion Pieces | Research Studies | Findings & News | Sandesh News
In January 2026, French crypto tax platform Waltio confirmed a data breach after hackers from the group Shiny Hunters demanded ransom for stolen user information. The incident, disclosed around January 23, potentially affects approximately 50,000 users, primarily in France. Waltio filed a complaint with authorities for attempted extortion and unauthorized access to its automated data processing system.
Exposed data is limited to email addresses and, for some users, associated 2024 crypto asset balances or tax report summaries—sensitive enough to enable phishing or targeted scams but not full private keys, passwords, or complete financial details. Waltio emphasized that core systems remain secure and unaffected, with no evidence of broader compromise. The company notified impacted users and urged vigilance against fraud.
French prosecutors opened a preliminary criminal investigation, supported by cybersecurity agencies, while warnings highlight risks like fake law enforcement demands tied to crypto holdings. This occurs amid rising concerns over physical threats to crypto users in France.
The breach underscores regulatory and security pressures on crypto platforms in Europe, where GDPR requires prompt breach notifications and robust protections. Potential outcomes include:
– Reputational damage and user trust erosion.
– Possible CNIL review for GDPR compliance (e.g., prevention, notification timeliness).
– Mandatory security enhancements.
Industry observers note such incidents amplify calls for stronger cybersecurity in tax and crypto services. Waltio continues operations while cooperating with investigators. Users should monitor accounts, enable 2FA, and avoid unsolicited requests. The case highlights the intersection of crypto adoption, data privacy, and evolving cyber threats in regulated markets.
