- Byte Federal filed a new notice with the Maine Attorney General’s office, confirming a cyberattack
- Attackers tried to access sensitive data on 58,000 people, but it is unclear if they succeeded
- Targeted data included names, postal addresses, email addresses, Social Security numbers, transaction activity, and more
Byte Federal, a US company operating thousands of Bitcoin ATM machines, suffered a data breach in which customer data may (or may not) have been compromised.
In a new filing with the Maine Office of the Attorney General, the company said that on September 30 2024, an unidentified threat actor accessed its servers through a bug in third-party software.
The company spotted the intrusion on November 18, when it shut down the platform, isolated the bad actor, and secured the compromised server. The bug was in GitLab, which its developers used for project management and collaboration.
No evidence of abuse
Subsequent investigation determined that the crooks tried to access users’ sensitive information, including their names, birthdates, postal addresses, phone numbers, email addresses, government-issued ID cards, Social Security numbers, transaction activity, and photos. More than enough to engage in all sorts of malicious activity, from phishing, to wire fraud, identity theft, and more.
Whether or not the crooks succeeded in accessing these files is not yet confirmed. “We have no evidence at this time that any of your personal information was actually compromised or misused in any manner,” the company said in the filing. “No user funds or assets were compromised,” the announcement added.
In total, 58,000 people could be affected by the incident.
To address the attack, Byte Federal performed a hard reset on all customer accounts, notified the affected individuals, and did a full rotation on all system passwords, tokens, and keys.
“With the assistance of an independent cybersecurity team, we are conducting a forensic investigation to determine the cause and the scope of the incident,” Byte Federal concluded. “This investigation is ongoing, and we continue to cooperate with law enforcement in this regard.”
The company is one of the largest Bitcoin ATM operators in the United States, servicing some 1,200 machines, according to TechCrunch.
- Bitcoin ATMs drained after hackers exploit zero-day bug
- Here’s a list of the best antivirus
- These are the best endpoint protection tools right now