Byte Federal, a major Bitcoin automated teller machine (BTM) company based in the United States, recently experienced a significant data breach. The breach, which occurred on Sept. 30, allowed the attacker to access the personal information of 58,000 customers, including 111 residents of Maine. The company only became aware of the breach on Nov. 18, more than a month after it happened.
Venket Naga, co-founder and CEO of security-focused data storage service Serenity, emphasized the importance of crypto industry firms adopting adaptive frameworks that evolve with emerging risks. He pointed out that cybersecurity threats are constantly evolving and pose risks to both the physical and underlying infrastructure involved with blockchain technology.
Byte Federal operates 1,356 Bitcoin ATMs in the United States, accounting for approximately 4.3% of all crypto ATMs in the country. The attack was reportedly the result of a third-party service being exploited. Following the detection of the breach, Byte Federal decided to shut down its platform to prevent further unauthorized access. The company reassured users that no funds were lost as a result of the incident.
According to a joint statement from smart contract auditors at crypto cybersecurity firm Hacken, the breach was likely caused by an unpatched or outdated GitLab system. Inadequate server segmentation may have allowed attackers to access sensitive customer data, including names, birthdates, addresses, phone numbers, social security numbers, transaction activity, and user photographs.
Despite the data breach, Byte Federal confirmed that there was no evidence of customer data being misused or accessed by unauthorized parties. The company has taken precautionary measures to secure customer data and alleviate any concerns customers may have. Byte Federal is working with an independent cybersecurity team to conduct a forensic investigation of the incident and is considering legal action.
In response to the breach, Byte Federal initiated a hard reset of all customer accounts and sent notifications to users about the incident. The company also made internal changes, such as updating passwords, password management systems, tokens, and keys to prevent future breaches. Customers were advised to reset their login credentials and may be asked to verify their personal information to confirm their identity.
The incident highlights the risks associated with storing and handling sensitive customer data in the cryptocurrency industry. A former Bitcoin ATM operator emphasized the importance of protecting customer privacy and expressed concerns about the potential for theft and fraud when personal information is compromised. The breach serves as a reminder of the importance of implementing robust cybersecurity measures to safeguard user data in the evolving landscape of cybersecurity threats.