Photo by Morrowind/Shutterstock.com
Bitcoin ATM provider Byte Federal is notifying over 58,000 users that their personal information was possibly breached in a cyberattack on September 30, 2024, by exploiting a vulnerability in the GitLab platform to access one of its servers. The stolen information includes full names and other personal identifiers that may be used to commit identity theft.
The company discovered the breach on November 18 and promptly shut down its platform to contain the incident. Byte Federal’s incident response also included hard resetting all customer accounts, updating internal passwords, tokens, and keys, and updating its password management system.
As for the information breached, the hackers could potentially access names, addresses, dates of birth, phone numbers, email addresses, Social Security and government ID numbers, user photos uploaded to the platform, and transaction activity details. Byte Federal adds in its incident report that no user funds or assets were compromised and that its investigation into the matter has yet to conclude that data was stolen.
The company isn’t offering any identity theft protection or credit monitoring services at the moment, as is the norm in such cases, likely due to insufficient evidence of the data being extracted or misused by attackers in any manner. That said, it has requested affected users to keep an eye out for any suspicious activity, monitor their account statements, and put a security freeze on their accounts for additional security.
Byte Federal is one of the biggest Bitcoin ATM providers in the United States, running around 1,200 ATMs nationwide. These ATMs connect to a user’s cryptocurrency wallet instead of a bank account and allow the sale or purchase of Bitcoin and, in some cases, other cryptocurrencies as well.
In the News: IoT device cloud hacked without physical access