At FrankieOne, your trust is our top priority. We understand the significance of data security in today's digital landscape and are dedicated to safeguarding your data with the utmost care. Our commitment to security is unwavering, and we employ comprehensive systems and protocols to ensure the protection of the information you entrust to us.
This commitment spans our entire services - KYC, KYB, IDV, AML/CTF, OneSDK, Fraud & Transaction Monitoring, Portal. These robust security measures are designed to safeguard the sensitive data and processes across all our solutions.
Within this Trust Centre, you'll find detailed insights into our data security practices and the robust procedures we've established. We aim to offer transparency about our security measures and to reinforce the confidence you place in FrankieOne.
Documents
- Do you use encryption for external/internal information transmissions (i.e., over the network/internet)? What encryption standard do you use?
- Has your organisation experienced any information security incidents or breaches in the past 24 months? If so, what controls were implemented to mitigate risks from these breaches?
- Describe your organisation's penetration testing approach and frequency. Please provide the latest penetration testing report.
- Does your organisation hold any certifications? For example, ISO/IEC 27001, Privacy Shield, ISO9001, Cyber Essentials.
- Describe your organisation's information security policies and how often these are reviewed and updated. Please provide copies of your information security policies.
Subprocessors
Impact Assessment: Supply Chain Attack Response - LiteLLM & axios
Status: ✅ Reviewed & Remediated - No customer impact
Overview
FrankieOne's security team has completed a thorough review in response to two significant open-source supply chain attacks that emerged in late March 2026. Both attacks targeted widely-used packages and affected organisations across the industry. We want to be transparent with our customers about what happened, what we did, and what it means for you.
Incident 1: LiteLLM PyPI Compromise (March 26, 2026)
What happened: The maintainer account for LiteLLM - a widely used Python library for interfacing with LLM providers such as OpenAI and Anthropic - was compromised. Attackers published two malicious versions (1.82.7 and 1.82.8) to PyPI containing a multi-stage credential-stealing payload. The malware targeted environment variables, cloud credentials (AWS, GCP, Azure), SSH keys, Kubernetes configs, CI/CD secrets, and database credentials, exfiltrating them to attacker-controlled infrastructure. The malicious versions were available for approximately two hours before removal.
FrankieOne's response:
- ✅ Impact assessment: We conducted a comprehensive audit of all our repositories and found no usage of the compromised LiteLLM versions (1.82.7 or 1.82.8). No FrankieOne systems or customer data were affected.
- ✅ GitHub Actions pinning: We performed a review and hardening of our CI/CD pipeline by pinning all third-party GitHub Actions to specific commit SHAs, in line with GitHub's own security recommendations. This prevents attackers from introducing malicious code via tampered action versions and ensures we only run workflows we have explicitly audited and approved.
- ✅ Detection improvements: The Indicators of Compromise (IOCs) and event detection rules for this attack have been added to our application security scanners to ensure early detection of any future related activity.
Incident 2: axios npm Compromise (March 31, 2026)
What happened: The npm account of the lead axios maintainer - axios being one of the most widely downloaded JavaScript HTTP client libraries with over 300 million weekly downloads - was hijacked. Two malicious versions were published: axios@1.14.1 and axios@0.30.4. Both versions injected a malicious dependency (plain-crypto-js@4.2.1) that deployed a cross-platform Remote Access Trojan (RAT) targeting macOS, Windows, and Linux. The malware contacted attacker-controlled infrastructure and self-destructed after execution to avoid forensic detection. npm removed both versions shortly after discovery.
FrankieOne's response:
- ✅ Impact assessment: We audited all repositories in our GitHub organisation and confirmed that none of our codebases referenced or resolved the malicious axios versions (1.14.1 or 0.30.4). No FrankieOne systems or customer data were affected.
- ✅ Package lockdown: We have pinned axios to a verified stable version and disabled automatic updates for the package, preventing any unreviewed future versions from being pulled into our builds.
- ✅ Detection improvements: The IOCs and event detection rules for this attack - including the C2 domain sfrclak[.]com and associated filesystem artifacts - have been added to our application security scanners.
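The three controls described for both incidents (auditing repositories for the named malicious versions, pinning axios to an exact version, and pinning GitHub Actions to commit SHAs) can be checked mechanically. The script below is an added example written for this page; it is not FrankieOne's own tooling. The only version numbers it knows are the ones named in the notices above; the sample requirements file, package-lock.json, package.json and workflow it scans are constructed inline, and the 40-hex SHA in the workflow sample is a placeholder, not a real commit.

```python
"""Added example: audit dependency manifests and CI workflows for the supply chain
indicators named in the incident notices. Not FrankieOne's code; all inputs are constructed."""
import json
import re

# Versions named in the notices above (litellm, axios, plain-crypto-js). Constructed list.
COMPROMISED = {
    "litellm": {"1.82.7", "1.82.8"},
    "axios": {"1.14.1", "0.30.4"},
    "plain-crypto-js": {"4.2.1"},
}
# Packages that must be pinned to an exact version (no ^, ~, >=, * or "latest").
EXACT_PIN_REQUIRED = {"axios"}
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")


def audit_requirements(text):
    """Flag 'pkg==ver' lines in a requirements.txt that resolve to a compromised version."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop inline comments
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9][^\s;]*)", line)
        if not m:
            continue
        name, ver = m.group(1).lower(), m.group(2)
        if ver in COMPROMISED.get(name, ()):
            findings.append(("compromised-version", name, ver))
    return findings


def audit_package_lock(lock_json):
    """Walk the 'packages' map of a lockfileVersion 2/3 package-lock.json.
    Keys look like 'node_modules/axios' or 'node_modules/a/node_modules/b'; '' is the root."""
    findings = []
    for path, meta in json.loads(lock_json).get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]
        if not name:
            continue
        if meta.get("version") in COMPROMISED.get(name, ()):
            findings.append(("compromised-version", name, meta["version"]))
    return findings


def audit_package_json(pkg_json):
    """Flag range specifiers on packages that policy says must be pinned exactly."""
    findings = []
    data = json.loads(pkg_json)
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            if name in EXACT_PIN_REQUIRED and not re.fullmatch(r"\d+\.\d+\.\d+", spec):
                findings.append(("unpinned-spec", name, spec))
    return findings


def audit_workflow(yaml_text):
    """Flag 'uses:' references that are not pinned to a 40-hex commit SHA.
    Local actions (./path) and docker:// images are out of scope for this check."""
    findings = []
    for line in yaml_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        repo, _, rev = ref.partition("@")
        if not SHA_RE.match(rev):
            findings.append(("unpinned-action", repo, rev or "<none>"))
    return findings


# Constructed sample inputs.
SAMPLE_REQUIREMENTS = "requests==2.32.3\nlitellm==1.82.7  # constructed sample\n"
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "sample-app"},
    "node_modules/axios": {"version": "1.14.1"},
    "node_modules/axios/node_modules/plain-crypto-js": {"version": "4.2.1"},
    "node_modules/lodash": {"version": "4.17.21"},
}})
SAMPLE_PACKAGE_JSON = json.dumps({"dependencies": {"axios": "^1.14.0", "lodash": "4.17.21"}})
SAMPLE_WORKFLOW = """jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: ./.github/actions/local
"""


def run_all():
    """Run every check over the constructed samples and return the combined findings."""
    return (audit_requirements(SAMPLE_REQUIREMENTS) + audit_package_lock(SAMPLE_LOCK)
            + audit_package_json(SAMPLE_PACKAGE_JSON) + audit_workflow(SAMPLE_WORKFLOW))


if __name__ == "__main__":
    for kind, name, detail in run_all():
        print(f"{kind}: {name} {detail}")
```

Two design points are worth noting. The lockfile check walks the resolved tree rather than package.json, because plain-crypto-js was pulled in as a transitive dependency of the malicious axios and never appears in a direct manifest. The workflow check treats a mutable tag such as `v4` as unpinned even when it is the version the team intends, since a SHA is the only reference a tampered tag cannot redirect.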
What This Means for Our Customers
At this time, FrankieOne has found no evidence of compromise in relation to either attack. There has been no unauthorised access to customer data and no impact to the FrankieOne platform or services.
These incidents are a reminder of the systemic risk posed by open-source supply chain attacks. FrankieOne takes a proactive, defence-in-depth approach to supply chain security, including continuous dependency scanning, CI/CD hardening, and active monitoring of threat intelligence feeds.
SOC 2 Type II Attestation Achieved
We’re pleased to share that we have successfully completed our SOC 2 Type II audit. This independent assessment confirms that our controls and processes operated effectively over the audit period, in alignment with the Trust Services Criteria for security, availability, and confidentiality. Please download the latest report from this Trust Center.
Achieving SOC 2 Type II demonstrates our ongoing commitment to protecting customer data and maintaining strong security and compliance practices.
Impact Assessment of critical vulnerability related to React Server Components (CVE-2025-55182, CVE-2025-66478)
We have completed our detailed impact assessment of this vulnerability and found that there is no usage of impacted React Server Components within our environment.
Also, Cloudflare, our WAF provider, has deployed rules preventing the exploitation of this vulnerability - https://blog.cloudflare.com/waf-rules-react-vulnerability/
Welcome to our Customer Trust Center!
Welcome to our new FrankieOne Trust Center. We take security and privacy seriously. This page provides clear, up-to-date details on our controls, certifications, and policies to support your evaluation with confidence.