Thousands of Bitcoin ATM users could have their personal data leaked after a breach
- Byte Federal has filed a new notice with the Maine Attorney General’s office confirming a cyberattack
- Attackers tried to access sensitive data of 58,000 people, but it is unclear whether they succeeded
- Targeted data includes names, mailing addresses, email addresses, Social Security numbers, transaction activity, and more
Byte Federal, an American company that operates thousands of Bitcoin ATMs, has suffered a data breach that may or may not have compromised customer data.
In a new filing with the Maine Office of the Attorney General, the company said that on September 30, 2024, an unknown threat actor gained access to its servers through a bug in third-party software.
The company noticed the intrusion on November 18, when it disabled the platform, isolated the bad actor and secured the compromised server. The bug was in GitLab, which the developers used for project management and collaboration.
No evidence of abuse
Further investigation revealed that the attackers were attempting to access users’ sensitive information, including their names, dates of birth, mailing addresses, phone numbers, email addresses, government-issued identification cards, Social Security numbers, transaction activity, and photos. That is more than enough to carry out all kinds of malicious activities, from phishing to wire fraud, identity theft and more.
Whether the crooks managed to gain access to these files has not yet been confirmed. “We have no evidence at this time that your personal information has actually been compromised or misused in any way,” the company said in the filing. “No user funds or assets were compromised,” the announcement added.
A total of 58,000 people could be affected by the incident.
To address the attack, Byte Federal performed a hard reset on all customer accounts, notified affected individuals, and performed a full rotation on all system passwords, tokens, and keys.
“With the assistance of an independent cybersecurity team, we are conducting a forensic investigation to determine the cause and extent of the incident,” Byte Federal concluded. “This investigation is ongoing and we continue to cooperate with law enforcement in this regard.”
The company is one of the largest Bitcoin ATM operators in the United States, maintaining around 1,200 machines, according to a TechCrunch report.