Thousands of Bitcoin ATM users may have personal data leaked after breach

News
By
published

Byte Federal flags data breach

An abstract image of padlocks overlaying a digital background.
(Image credit: Shutterstock) (Image credit: Shutterstock)
  • Byte Federal filed a new notice with the Maine Attorney General's office, confirming a cyberattack
  • Attackers tried to access sensitive data on 58,000 people, but it is unclear if they succeeded
  • Targeted data included names, postal addresses, email addresses, Social Security numbers, transaction activity, and more

Byte Federal, a US company operating thousands of Bitcoin ATM machines, suffered a data breach in which customer data may (or may not) have been compromised.

In a new filing with the Maine Office of the Attorney General, the company said that on September 30 2024, an unidentified threat actor accessed its servers through a bug in third-party software.

The company spotted the intrusion on November 18, when it shut down the platform, isolated the bad actor, and secured the compromised server. The bug was in GitLab, which its developers used for project management and collaboration.

No evidence of abuse

Subsequent investigation determined that the crooks tried to access users’ sensitive information, including their names, birthdates, postal addresses, phone numbers, email addresses, government-issued ID cards, Social Security numbers, transaction activity, and photos. More than enough to engage in all sorts of malicious activity, from phishing, to wire fraud, identity theft, and more.

Whether or not the crooks succeeded in accessing these files is not yet confirmed. “We have no evidence at this time that any of your personal information was actually compromised or misused in any manner,” the company said in the filing. “No user funds or assets were compromised,” the announcement added.

In total, 58,000 people could be affected by the incident.

To address the attack, Byte Federal performed a hard reset on all customer accounts, notified the affected individuals, and did a full rotation on all system passwords, tokens, and keys.

“With the assistance of an independent cybersecurity team, we are conducting a forensic investigation to determine the cause and the scope of the incident,” Byte Federal concluded. “This investigation is ongoing, and we continue to cooperate with law enforcement in this regard.”

The company is one of the largest Bitcoin ATM operators in the United States, servicing some 1,200 machines, according to TechCrunch.

"The security of our customers is of utmost importance," a GitLab spokesperson told TechRadar Pro. "We issue security patches on a regular basis to ensure vulnerabilities are patched as soon as we are aware of them. While these patches are automatically updated for GitLab.com customers, those who opt for a self-managed deployment are responsible for their own security. We strongly encourage them to implement updates immediately to ensure the security of their environments."

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
ransomware avast
The biggest addiction treatment provider in the US says it was hit by data breach
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
A person with a laptop using a credit card online.
Avery label maker confirms attack on its site, customer credit card info stolen
Ransomware
Top cannabis brand Stiiizy says hackers got access to its systems
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Blood donation firm reveals donor personal data stolen in cyberattack
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
Latest in Security
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
Red padlock open on electric circuits network dark red background
AI-powered cyber threats are becoming the biggest worry for businesses everywhere
Woman using iMessage on iPhone
Apple to take legal action against British Government over backdoor request
Red padlock open on electric circuits network dark red background
Aviaton firms hit by devious new polyglot malware
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Major ransomware attack sees Tata Technologies hit - 1.4TB dataset with over 730,000 files allegedly stolen
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
Latest in News
A hand holding a phone showing the Android Find My Device network
Android's Find My Device can now let you track your friends – and I can't decide if that's cool or creepy
Insta360 X4 360 degree camera without lens protector
Leaked DJI Osmo 360 image suggests GoPro and Insta360 should be worried – here's why
A YouTube Premium promo on a laptop screen
A cheaper YouTube Premium Lite plan just rolled out in the US – but you’ll miss out on these 4 features
Viaim RecDot AI true wireless earbuds
These AI-powered earbuds can also act as a dictaphone with transcription when left in their case
The socket interface of the Intel Core Ultra processor
Intel unveils its most powerful AI PCs yet - new Intel Core Ultra Series 2 processors pack in vPro for lightweight laptops and high-performance workstations alike
An Nvidia GeForce RTX 5070
Nvidia confirms that an RTX 5070 Founders Edition is coming... just not on launch day
More about security
Webex by Cisco banner on a Chromebook

Cisco warns some Webex users of worrying security flaw, so patch now
Image of laptop infected with malware

Ransomware criminals are now sending their demands...by snail mail?
Haier TV M96, available in sizes of 100"/ 85"/75"

Watch the Australian Open the way it was meant to be seen: on a truly next-gen television
See more latest
Most Popular
Rocket Enterprise SSD
Sabrent launches its first 30.72TB SSD, but like all the others, you won't be able to run it on your PC (or buy it on Amazon)
Volkswagen ID.EVERY1 Concept Car
Volkswagen reveals the ID.1 concept car, which will spawn its cheapest all-electric model to date
Eurocom Raptor X17
This $12,000 laptop comes with 24TB RAID-0 SSD storage, 128GB of RAM, and Intel's most powerful mobile CPU - but no Nvidia RTX 5090M GPU
BYD Ling Yuan DJI Drone launcher
BYD’s new roof-mounted DJI drone launchpad looks like a dream for filming road trips – but less so for car safety
An AI face in profile against a digital background.
'Simulating scientists': A new AI tool wants to make serendipitous scientific discovery less human
A hand holding a phone showing the Android Find My Device network
Android's Find My Device can now let you track your friends – and I can't decide if that's cool or creepy
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
A YouTube Premium promo on a laptop screen
A cheaper YouTube Premium Lite plan just rolled out in the US – but you’ll miss out on these 4 features
Viaim RecDot AI true wireless earbuds
These AI-powered earbuds can also act as a dictaphone with transcription when left in their case
Insta360 X4 360 degree camera without lens protector
Leaked DJI Osmo 360 image suggests GoPro and Insta360 should be worried – here's why