Bitcoin ATM operator Byte Federal is notifying 58,000 people that their personal information might have been compromised in a data breach.
Discovered on November 18, the hack occurred after threat actors exploited a vulnerability in the GitLab collaboration platform to access one of its servers.
To contain the incident, Byte Federal shut down its platform, hard reset all customer accounts, updated all internal passwords, tokens, and keys, and updated its password management system.
According to the company, the threat actors potentially targeted personal information such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, government ID numbers, user photographs, and transaction activity details.
In an incident notice (PDF) on its website, Byte Federal said that no user funds or assets were compromised and that its investigation into whether data was indeed stolen continues.
“We have no evidence at this time that any of your personal information was actually compromised or misused in any manner. Nonetheless, we are taking precautionary measures to ensure the security of your data and to help alleviate any concerns you may have,” the company said.
While not offering identity theft protection and credit monitoring services, Byte Federal is encouraging the potentially affected individuals to monitor their account statements for any suspicious activity and to place a fraud alert or security freeze on their accounts.
The company notified the Maine Attorney General’s Office that 58,000 people might have been affected by the incident.
Advertisement. Scroll to continue reading.
One of the largest Bitcoin ATM operators in the US, Byte Federal operates 1,200 ATMs across the country, allowing users to buy and sell cryptocurrency.
Related: 446,000 Impacted by Center for Vein Restoration Data Breach
Related: Phishing: The Silent Precursor to Data Breaches
Related: Anna Jaques Hospital Data Breach Impacts 316,000 People
Related: Rush Health System Reports Data Breach Affecting 45,000