Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A massive data breach has hit Bitcoin ATM company Byte Federal, compromising users’ information including their social security number, transaction history and even photos. If you’ve done business with Byte Federal, it’s time to do more than change your passwords. You need to freeze your credit.
With more than 1,200 locations in the United States, Byte Federal is one of the largest Bitcoin ATMs in America.By comparison, Bitcoin Depot is the most popular, with more than 8,000 machines in the U.S. Bitcoin ATMs deal with cryptocurrency.
According to a data breach notification filed with the Maine Attorney General, Byte Federal discovered it had been breached on November 18. The attack occurred on September 30. “Byte Federal was made aware of the security breach by a bad actor who has acquired Unauthorized access to one of our servers using a vulnerability in GitLab, a third-party software platform commonly used by developers around the world to manage and manage projects with”, Byte Federal explained in a post on his website.
“Upon discovery of the incident, our team immediately shut down our platform, isolated the bad actor and secured the compromised server. We also made immediate improvements to our systems, security and practices,” Byte Federal said Maine Data Breach Notification. The attack affected 58,000 customers.
That meant it reset every customer’s account, forcing them to update their passwords. “We have also updated all our internal passwords, password management system, tokens and our network keys to prevent further unauthorized access,” the statement said. “With the support of an independent cyber security team, we are conducting a forensic investigation to determine the cause and scope of the incident. This investigation is ongoing and we continue to cooperate with law enforcement on this matter.”
It emphasizes that no users’ assets or funds were affected.
While it’s nice that no one lost any money, the list of personal information available to the attackers was bad. It included customers’ “name, date of birth, address, phone number, email address, government ID, social security number, transaction activity, and user photos.”
Byte Federal said it has no evidence that any of this personal data was actually leaked in the attack, but it’s cold comfort that the breach happened on September 30 and the company didn’t notice until a month and a half later can happen.
If you’ve done business with Byte Federal, you should freeze your credit and place a fraud alert on your accounts. To its credit, the company suggested taking these steps in its communication about the hack. Freezing your credit can be a short-term pain, but it’s better than someone stealing your identity or having fraudulent accounts opened in your name.
Someone who wants to freeze their credit must contact each of the three major credit reporting agencies—Equifax, Experian, and TransUnion—and fill out some forms, whether you do it online or over the phone will freeze the account within one business day of receiving the request federal website which can be a guide.
This is not the first time that hackers have compromised a Bitcoin ATM company. Last year, hackers hit the ATM company General Bytes and came out with 1.5 million dollars. In September of this year, around the time of the byte federal breach, The FTC has warned that ATM Bitcoin scams have increased over the past few years.
“Data from the FTC Consumer Sentinel Network shows that fraud losses at BTMs are on the rise, nearly tenfold from 2020 to 2023 and topping $65 million in the first half of 2024.” the FTC said. “As the vast majority of fraud goes unreported, this likely reflects only a fraction of the true damage.”
