In response to the Fractal data breach, below we share details about our communications with Fractal, some additional context and clarification, and the information we have thus far.
We had dramatically reduced our usage of Fractal and now commit to ending our limited use of of them as a vendor moving forward. In December, the Optimism Foundation moved away from Fractal as an identity verification provider and stopped using them for most users and geographies. This move was spurred by community provided feedback that the process felt unnecessarily thorough. We are currently using Persona to satisfy our identity verification requirements as a component of KYC. You can read about their successful completion of key privacy and security audits here: https://withpersona.com/security.
While we are still waiting to learn more from Fractal about the nature of the breach, their team has confirmed that five Optimism users were impacted. Breached data did not include any direct association between a user’s personal identifying information and a team’s Optimism grant awards, nor their L1 or L2 addresses in use for grant awards. Email or other contact information provided to Fractal may have been subject to the data breach. The Fractal team can provide users with the most context about their specific cases and impact.
The privacy of our community’s data is critically important to us. We reached out to Fractal to request deletion of any user data from Optimism community members. Because the data belongs to individuals and not Optimism, they informed us that users need to request data deletion personally. You can email privacy@fractal.id to request data deletion. Please feel free to use the following template:
"Dear Fractal team,
I hereby request the deletion of my account with Fractal ID and erasure of the underlying personal data."
Please confirm via email when this deletion has been completed.
Fractal has assured us that they have reached out to all impacted users. If you have not received an email from noreply@fractal.id, then your data is not believed to have been among the records compromised.
We’re following developments closely and our team is communicating with Fractal to advocate for Optimism users and their data protection. We’ll continue to share material updates here as they become available, but encourage users to reach out directly to Fractal for information.