Byte Federal, one of the biggest Bitcoin ATM operators in the U.S., says a data breach exposed sensitive info from 58,000 users.
The breach happened on September 30 but wasn’t discovered until November 18. Hackers got in by exploiting a vulnerability in GitLab, a popular tool used by developers, and gained access to Byte Federal’s systems.
Hackers exploited GitLab vulnerability
The stolen data includes a shocking amount of personal information: names, birthdates, addresses, phone numbers, email addresses, government-issued IDs, Social Security numbers, transaction records, and even user photos.
Byte Federal revealed the breach in a filing with Maine’s attorney general and said it acted quickly to limit the damage.
According to the company, the hack happened because of a bug in third-party software, specifically GitLab. The bug let an attacker slip into the network and possibly steal customer data.
With over 1,200 Bitcoin ATMs across the U.S., Byte Federal is a major target for hackers because of the sensitive info its machines store.
The company said it has reset all customer accounts, changed passwords, and stepped up security protocols. Byte Federal assured users, saying, “We have no evidence that your personal information was compromised or misused in any manner. Nonetheless, we are taking precautionary steps to safeguard your data.”
Despite this, the extent of the breach has people questioning whether Byte Federal’s security is strong enough to protect sensitive customer data.
Byte Federal is telling users to change their passwords right away. It also suggested adding fraud alerts or freezing accounts with major credit bureaus to prevent identity theft. Customers should keep an eye on their bank accounts and credit reports for anything suspicious.
