December 12, 2024

Byte Federal has revealed that a data breach exposed the personal information of about 58,000 customers. The company is one of the largest Bitcoin ATM operators in the United States.

The Florida-based company operates over 1,200 Bitcoin ATMs across the country, where users can easily buy and sell cryptocurrencies.

Byte Federal discloses data breach

In a filing with the Maine Attorney General, Byte Federal revealed that the breach occurred on September 30. However, it was not identified until November 18. The hackers exploited vulnerabilities in third-party software, specifically the widely used developer platform GitLab, to gain access to the company’s network.

Byte Federal said the compromised data included sensitive customer details, including names, addresses, phone numbers, and government-issued IDs. Additional leaked data includes Social Security numbers, transaction records, and even user photos.

Upon discovering the breach, ByteFederal took swift action by hard resetting all customer accounts and updating internal passwords. The company expressed regret for the incident and reassured customers that it is working to strengthen its cybersecurity measures.

However, the breach has raised concerns about the security of personal data within the cryptocurrency ecosystem, especially for services that rely on third-party software.

In a blog post in November, ByteFederal acknowledged using GitLab in its operations and confirmed that the vulnerability the attackers exploited had since been fixed.

“Protecting our users remains our top priority, and we are taking every possible step to ensure the security of our platform,” the company said.

The breach is part of a growing trend of cyber attacks targeting cryptocurrency platforms and infrastructure. Most recently, a hacker bypassed Coinbase’s anti-money laundering (AML) detection system and stole $15.9 million from the platform.

Investigators discovered that the attacker exploited a vulnerability in Coinbase Commerce, highlighting the vulnerabilities even in highly regulated environments. These incidents highlight the importance of strong cybersecurity protocols across the cryptocurrency industry as hackers continue to adapt to exploit vulnerabilities.

Meanwhile, the company advised customers affected by the breach to monitor their financial accounts and credit reports for any unusual activity. The company did not disclose whether it would offer identity theft protection services to affected users, a measure often taken after such incidents.