Thousands of Bitcoin ATM users may have personal data leaked after breach

1 week ago 3
An abstract image of padlocks overlaying a digital background.
(Image credit: Shutterstock) (Image credit: Shutterstock)

  • Byte Federal filed a new notice with the Maine Attorney General's office, confirming a cyberattack
  • Attackers tried to access sensitive data on 58,000 people, but it is unclear if they succeeded
  • Targeted data included names, postal addresses, email addresses, Social Security numbers, transaction activity, and more

Byte Federal, a US company operating thousands of Bitcoin ATM machines, suffered a data breach in which customer data may (or may not) have been compromised.

In a new filing with the Maine Office of the Attorney General, the company said that on September 30 2024, an unidentified threat actor accessed its servers through a bug in third-party software.

The company spotted the intrusion on November 18, when it shut down the platform, isolated the bad actor, and secured the compromised server. The bug was in GitLab, which its developers used for project management and collaboration.

No evidence of abuse

Subsequent investigation determined that the crooks tried to access users’ sensitive information, including their names, birthdates, postal addresses, phone numbers, email addresses, government-issued ID cards, Social Security numbers, transaction activity, and photos. More than enough to engage in all sorts of malicious activity, from phishing, to wire fraud, identity theft, and more.

Whether or not the crooks succeeded in accessing these files is not yet confirmed. “We have no evidence at this time that any of your personal information was actually compromised or misused in any manner,” the company said in the filing. “No user funds or assets were compromised,” the announcement added.

In total, 58,000 people could be affected by the incident.

To address the attack, Byte Federal performed a hard reset on all customer accounts, notified the affected individuals, and did a full rotation on all system passwords, tokens, and keys.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“With the assistance of an independent cybersecurity team, we are conducting a forensic investigation to determine the cause and the scope of the incident,” Byte Federal concluded. “This investigation is ongoing, and we continue to cooperate with law enforcement in this regard.”

The company is one of the largest Bitcoin ATM operators in the United States, servicing some 1,200 machines, according to TechCrunch.

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article