Bytes Federal has revealed that a data breach compromised the personal information of approximately 58K customers. This company is one of the largest Bitcoin ATM operators in the United States.
The Florida-based company operates more than 1,200 Bitcoin ATMs nationwide, where users can conveniently buy and sell cryptocurrency.
Byte Federal Reveals Data Breach
In one file to the Maine Attorney General, Byte Federal revealed that the breach occurred on September 30. However, it was not discovered until November 18. Hackers took advantage of vulnerabilities in third-party software, specifically the widely used GitLab development platform, to gain access to the company’s network.
Byte Federal said the breached data included sensitive customer information, including names, addresses, phone numbers and government-issued identification documents. Additional leaked data included social security numbers, transaction history, and even user photos.
After discovering the breach, Byte Federal acted quickly by performing a complete reset of customer accounts and updating internal passwords. The company expressed regret for this incident and assured customers that it is working to strengthen its cybersecurity measures.
However, the breach has raised concerns about personal data security in cryptocurrency systems, especially for services that rely on 3rd party software.
In a November blog post, Byte Federal admit the use of GitLab in its operations and confirmed that the vulnerability exploited by the attacker has been fixed.
“Protecting our users remains a top priority, and we are taking every step possible to ensure the security of our platform,” the company stated.
The breach is part of a growing trend of cyberattacks targeting cryptocurrency platforms and infrastructure. Recently, a hacker bypassed Coinbase’s money laundering (AML) detection system, stealing $15.9 million from the platform.
Investigators discovered attackers exploited a vulnerability in Coinbase Commerce, highlighting the existence of vulnerabilities even in highly regulated environments. These incidents reflect the importance of strong cyber security protocols across the cryptocurrency industry as IT criminals continually adapt to exploit weaknesses.
Meanwhile, the company recommends that affected customers monitor their financial accounts and credit reports for unusual behavior. The company has not disclosed whether it will offer identity theft protection to affected users, a measure commonly taken after such incidents.