Byte Federal, the largest Bitcoin ATM operator in the United States, has recently disclosed a significant data breach that exposed the personal information of approximately 58,000 customers.
The breach occurred after a vulnerability in GitLab, a third-party software platform widely used by developers for project management, was exploited by hackers. Byte Federal, which operates over 1,200 ATMs across 42 states, revealed that the breach took place on November 18, 2024, and was promptly discovered by their team. The company acted quickly to secure its systems, shutting down the platform and isolating the malicious actor, who had gained unauthorised access to one of the company’s servers.
While the exact GitLab vulnerability used in the attack has not been specified, Byte Federal noted that it had been actively addressing security flaws over the past year, and one of these may have been leveraged to breach its network. In response to the incident, the company conducted a complete reset of all customer accounts, updated internal passwords, and revoked the access tokens and keys used for internal network management.
The hack exposed the personal information of impacted customers, but no money or digital assets were compromised. The exposed data included full names, dates of birth, physical addresses, phone numbers, email addresses, government-issued identification, Social Security numbers (SSNs), transaction histories, and user photos.
The exposed data, particularly the SSNs and government IDs, raises concerns over the potential for identity theft and targeted cyberattacks, such as SIM swap fraud or phishing attempts.
However, Byte Federal has stated that, as of now, there is no evidence to suggest that the stolen data has been misused.
The company has urged affected customers to remain vigilant for any suspicious activity and to report any fraudulent incidents to the authorities. Despite this, Byte Federal has not offered any identity theft protection or credit monitoring services to those impacted, recommending that customers regularly check their credit reports for signs of fraudulent accounts.
Byte Federal has set up a helpline and email support for customers seeking assistance. External cybersecurity experts and law enforcement agencies are continuing to investigate the breach. In the meantime, customers have been advised to reset the login credentials for their Byte Federal accounts and to stay alert for phishing attempts. GitLab, the platform implicated in the attack, has since reminded users to apply security patches promptly, as organisations running self-managed deployments are responsible for securing and patching their own instances.
This breach illustrates the vulnerabilities that can exist within third-party software systems and the risks they pose to both companies and their customers.
