Byte Federal Data Breach Exposes Personal Information of 58,000 Customers

According to Decrypt, Byte Federal, a prominent Bitcoin automated teller machine (BTM) company based in the United States, has experienced a significant data breach. The breach, which was disclosed in a filing with Maine's attorney general, affected the personal data of 58,000 customers, including 111 residents of Maine. The company discovered the breach on November 18, more than a month after it occurred on September 30. Venket Naga, co-founder and CEO of Serenity, a security-focused data storage service, commented on the incident, highlighting the evolving nature of cybersecurity threats. He emphasized the need for crypto industry firms to adopt adaptive frameworks to address emerging risks that threaten both physical and underlying blockchain infrastructure. Byte Federal operates 1,356 Bitcoin ATMs across the United States, accounting for approximately 4.3% of all crypto ATMs in the country. The breach was reportedly caused by the exploitation of a third-party service. Upon detecting the incident, Byte Federal shut down its platform and assured users that no funds were lost. A joint statement from Hacken, a crypto cybersecurity firm, indicated that the breach was due to an unpatched or outdated GitLab system and inadequate server segmentation. This allowed attackers to access sensitive customer data, including names, birthdates, addresses, phone numbers, email addresses, government-issued IDs, social security numbers, transaction activity, and user photographs. Despite the breach, Byte Federal stated that there was no evidence of customer data being misused or accessed. The company is taking precautionary measures to secure data and alleviate customer concerns. It is working with an independent cybersecurity team to conduct a forensic investigation and may pursue legal action. Byte Federal has reset all customer accounts, changed internal passwords, and updated its password management system, tokens, and keys to prevent further breaches. Customers have been urged to reset their login credentials and may be required to verify their personal information. An anonymous former Bitcoin ATM operator expressed concerns about the incident, stating that retaining customer data poses significant privacy risks. They noted that data breaches in the cryptocurrency sector are particularly dangerous as they link personal information with specific financial activities, making users vulnerable to theft and fraud. The former operator chose to shut down their service rather than comply with know-your-customer rules, citing privacy concerns.