Bitcoin ATM operator Byte Federal hit by data breach, 58,000 exposed

Hackers have compromised the personal data of over 58,000 customers of United States-based Bitcoin ATM operator Byte Federal.

According to a filing with the Maine Attorney General’s office, Byte Federal was breached on September 30 by an unknown attacker who exploited a vulnerability in GitLab, a third-party project management and collaboration software, which allowed them to compromise one of its servers.

The breach affected 58,000 customers, with compromised data including names, addresses, phone numbers, government-issued IDs, Social Security numbers, transaction activity, and user photographs.

While no funds or user assets have been stolen, Byte Federal has urged customers to reset their login credentials and has already performed a hard reset on all customer accounts, according to a post-incident update.

Further, the company is working with an independent cybersecurity team to determine the cause of the incident.  At the time, the Florida-based ATM operator said they found “no evidence” of the leaked information being misused.

Byte Federal is currently the eighth largest Bitcoin ATM operator in the US, with 1,387 machines spread across the country. 

It is also currently embroiled in a trademark infringement lawsuit with the leading crypto ATM operator, Bitcoin Depot, over the use of similar branding, which Byte Federal claims violates its trademark rights.

The recent development comes as cryptocurrency ATMs have increasingly been criticized for their role in facilitating illicit activities.

Regulators in Australia, the United Kingdom, and Germany have all warned of the risks associated with cryptocurrency ATMs while increasing oversight and taking enforcement actions against unlicensed operators.