5CA Denies Involvement in Discord Data Breach, Clarifies It Doesn’t Handle Government IDs

Customer service provider 5CA stated that the data security incident affecting Discord did not originate from its systems. The company also clarified that it does not process or store government identification documents on behalf of Discord.

 

Earlier this month, Discord, a popular communication platform for gamers and online communities, confirmed that a security incident at one of its third-party customer service vendors exposed personal information of a limited number of users who had engaged with its Customer Support or Trust and Safety teams.

 

The incident occurred on September 20, when an unauthorised party accessed Discord’s customer service ticketing system using compromised credentials from an external vendor’s employee. The attackers obtained support tickets containing user data such as names, email addresses, Discord usernames, and, in some cases, scanned copies of government-issued IDs submitted during age verification appeals.

 

In a separate update, the company said its own systems were not breached and attributed the incident to 5CA, its customer service support provider.

 

“This was not a breach of Discord, but rather a breach of a third party service provider, 5CA, that we used to support our customer service efforts.

 

“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals,” Discord said.

 

In a statement shared with media, 5CA refuted the allegations, emphasising that its infrastructure was not implicated and that it has never been responsible for handling government identification data for Discord.

 

“All our platforms and systems remain secure, and client data continues to be protected under strict data protection and security controls.

 

“Based on interim findings, we can confirm that the incident occurred outside of our systems and that 5CA was not hacked. There is no evidence of any impact on other 5CA clients, systems, or data,” 5CA said.

 

“Our preliminary information suggests the incident may have resulted from human error, the extent of which is still under investigation,” the company added.

 

 

 

An unidentified group of hackers has claimed responsibility for the attack, alleging they obtained 1.5 TB of photos submitted to Discord for age verification, including over 2.1 million government-issued IDs.