Byte Federal, a major Bitcoin Automated Teller Machine (BTM) company based in the United States, has suffered a massive data breach.
According to a Thursday filing with the Maine Attorney General, the Byte Federal breach allowed the attacker to access the personal information of 58,000 customers, including 111 Maine residents. The company noticed the attack on November 18, more than a month after it happened on September 30.
Venket Naga, founder and CEO of security-focused data storage service Serenity, told Decrypt that the incident illustrates the ever-changing nature of cyber security threats. According to him, companies in the crypto industry should adopt adaptive frameworks that improve upon risks to the physical and underlying infrastructure involved in the blockchain.
According to CoinATMRadar data, Byte Federal operates 1,356 Bitcoin ATMs in the United States. This is equivalent to about 4.3% of all crypto ATMs in the country.
The attack was allegedly caused by exploiting a third-party service. A month later, after learning about the incident, Byte Federal decided to shut down the platform and assured users that no funds had been lost.
“The incident was caused by an unpatched or out-of-date GitLab system,” explains a joint statement from Ataberk Yavuzer and Olesia Bilenka, smart contract auditors at crypto cyber security firm Hacken. The statement added that “inadequate server partitioning” may have allowed attackers to access confidential customer data.
“GitLab repositories may contain sensitive credentials to access Byte Federal databases that include name, date of birth, address, phone number, email address, government-issued ID, social security number, transaction activity, and user photo information,” the auditors added.
Despite the breach, the company said it found no evidence that customer data was misused or accessed. “However, we are taking precautionary measures to ensure the security of your data and mitigate potential risks,” the letter to customers read.
Byte Federal is working with an independent cyber security team to conduct a forensic investigation into the incident and has indicated that it may take legal action.
Byte Federal has sent out a notice regarding the issue, stating that a hard reset has been performed on all customer accounts. The company has changed its internal passwords, password management system, tokens and keys to prevent further breaches.
The company has urged customers to reset their login credentials. It warned that users could be asked to verify their personal information; a data breach would provide even more sensitive information to an organization.
“The Byte Fed incident is yet another example of how forcing businesses to keep their customers' data is the worst practice when it comes to their privacy,” an unnamed former bitcoin ATM operator told Decrypt. Instead of complying with Know-Your-Customer rules, the operator chose to shut down their service, and did not want to be identified.
“With cryptocurrencies, these data breaches are more dangerous for users because their personal information is tied to specific financial activities, making them easy targets for theft and fraud,” added the former Bitcoin ATM operator.
Edited by Stacy Elliott.