Byte Federal Bitcoin ATM operator reports data breach impacting 58k users
Learn More
Byte Federal, a Bitcoin ATM operator based in Florida, is reporting a significant data breach potentially affecting 58,000 customers.
The company discovered the breach on November 18 2024, approximately 49 days after the actual attack occurred on September 30, 2024. The breach occurred through exploitation of vulnerable GitLab instance, leading to unauthorized access to customer information.
Byte Federal suspended operations and implemented several security measures, including a hard reset of all customer accounts and updating internal passwords, password management systems, tokens, and keys. Potentially exposed data includes:
- Names
- Dates of birth
- Addresses
- Phone numbers
- Email addresses
- Government-issued IDs
- Social Security numbers
- Transaction activity records
- User photographs
The incident involved an unauthorized party gaining access to company servers by exploiting a vulnerability in the GitLab platform.
Byte Federal maintains that there is no evidence of actual data compromise or misuse, and no cryptocurrency assets were stolen, they have implemented several precautionary measures. The company is conducting a forensic investigation with an independent cybersecurity team to determine the full scope and cause of the incident, alongside a legal investigation.
