A major data breach at Byte Federal, one of America's leading Bitcoin ATM operators, has potentially exposed sensitive personal information of approximately 58,000 customers.
The Florida-based company, which operates over 1,200 cryptocurrency ATMs across the United States, discovered unauthorized access to their server on November 18, nearly seven weeks after the initial breach occurred on September 30, 2023.
According to the company's filing with Maine's attorney general, attackers exploited a vulnerability in GitLab, a widely-used software development platform, to gain access to customer data. The compromised information includes names, birthdates, addresses, phone numbers, email addresses, government-issued IDs, social security numbers, transaction records, and user photographs.
Upon discovering the breach, Byte Federal immediately suspended platform operations and implemented several security measures, including:
- Shutting down the compromised server
- Performing a complete reset of all customer accounts
- Updating internal passwords and network keys
- Engaging an external cybersecurity team to investigate
While Byte Federal stated they have no evidence that the exposed data has been misused, they advised customers to take precautionary steps such as:
- Resetting login credentials
- Monitoring financial accounts for suspicious activity
- Reviewing credit reports regularly
- Considering placing fraud alerts with credit reporting agencies
Unlike many companies facing similar incidents, Byte Federal has not offered complimentary identity theft protection or credit monitoring services to affected customers.
The incident highlights ongoing security challenges in the cryptocurrency sector, particularly for services dependent on third-party software platforms. Byte Federal maintains its position as the eighth-largest crypto ATM operator in the US, with its machines representing 4.3% of all cryptocurrency ATMs nationwide.