Kroll, the claims agent in FTX and BlockFi’s bankruptcy proceedings, suffered a cybersecurity incident which compromised some claimants’ data in the ongoing cases. 

In an X post on Thursday, FTX’s official account notified users of the incident, which it said impacted “non-sensitive customer data” of certain claimants.

FTX said its own systems were not affected, but urged users to be on the lookout for potential phishing attempts from emails impersonating the parties in the bankruptcy.

BlockFi users received a similar email from the platform, describing the event as an “unauthorized third party” gaining access to Kroll on Aug. 23. According to the email, the hackers also gained access to BlockFi client data in the process.

“In the following weeks, you should expect an uptick in phishing attempts and spam phone calls,” said BlockFi in the email.

Following the notice, some X users reported that they had indeed received emails from parties claiming to be FTX, directing users to a seemingly fraudulent “Withdraw Now” link.

Some users also questioned FTX’s labeling of the comprised data as “non-sensitive,” when in fact, Kroll’s website describing the incident disclosed that the unauthorized party had accessed files in its cloud-based systems, which included files that contained names, addresses, email addresses, and the balance in users’ FTX accounts.