Byte Federal, a Bitcoin ATM operator based in the United States, has been hit by a significant data breach, compromising the personal data of over 58,000 customers. The breach, which occurred on September 30, was orchestrated by an unknown hacker who exploited a vulnerability in GitLab. GitLab is a third-party project management and collaboration software, and the attacker used this exploit to compromise one of Byte Federal’s servers.
The compromised data is extensive, comprising names, addresses, phone numbers, government-issued IDs, Social Security numbers, transaction activity, and user photographs. Despite the severity of the data breach, Byte Federal has confirmed that no funds or user assets have been stolen.
In the wake of this breach, Byte Federal has taken immediate action to mitigate the impact on its customers. The company has urged its customers to reset their login credentials and has performed a hard reset on all customer accounts, as revealed in a post-incident update. Additionally, Byte Federal has enlisted the help of an independent cybersecurity team to identify the origin and cause of the incident. Despite the severity of the breach, Byte Federal has stated that they have found “no evidence” that the compromised information has been misused.
Byte Federal currently ranks as the eighth largest Bitcoin ATM operator in the US, operating 1,387 machines across the country. However, the company is also currently entangled in a trademark infringement lawsuit with the leading cryptocurrency ATM operator, Bitcoin Depot. Byte Federal has accused Bitcoin Depot of employing similar branding, thus infringing on its trademark rights.
This incident occurs at a time when cryptocurrency ATMs are under increased scrutiny for their potential role in facilitating illicit activities. Regulatory bodies in Australia, the United Kingdom, and Germany have all issued warnings about the associated risks of cryptocurrency ATMs. These authorities are intensifying their oversight and taking enforcement action against unlicensed operators.
This incident serves as a reminder of the risks associated with digital currencies and the platforms that facilitate their use. Customers are advised to remain vigilant about the security of their personal information and to take the necessary steps to protect their data. The importance of robust cybersecurity measures cannot be overstated, particularly in sectors such as this, where sensitive personal and financial data is routinely processed.
