Bitcoin ATM operator Byte Federal hit by data breach, 58,000 exposed

Hackers compromised the personal data of more than 58,000 customers of United States-based Bitcoin ATM operator Byte Federal.

According to a filing filed with the Maine Attorney General’s Office, Byte Federal was breached on September 30 by an unknown attacker who exploited a vulnerability in GitLab, a third-party project management and collaboration software, allowing one of its servers to be compromised.

The breach affected 58,000 customers, with compromised data including names, addresses, phone numbers, government-issued IDs, Social Security numbers, transaction activity and user photos.

Although no funds or user assets were stolen, Byte Federal asked customers to reset their login information and performed a hard reset on all customer accounts, according to a post-incident update.

Additionally, the company is working with an independent cybersecurity team to determine the cause of the incident. At the time, the Florida-based ATM operator said it found “no evidence” that the leaked information was misused.

Byte Federal is currently the eighth-largest Bitcoin ATM operator in the United States, with 1,387 machines spread across the country.

It is also currently embroiled in a trademark infringement lawsuit with leading crypto ATM operator Bitcoin Depot over the use of similar branding, which Byte Federal claims infringes its trademark rights.

The latest development comes as cryptocurrency ATMs are increasingly criticized for their role in facilitating illegal activities.

Regulators in Australia, the United Kingdom and Germany are stepping up inspections and imposing sanctions against unlicensed operators as they warn about the risks associated with cryptocurrency ATMs.