
Mondor Festival

News with a Local Lens

Bitcoin ATM Security Breach, Social Security Numbers and Government IDs Compromised

A massive data breach has hit Bitcoin ATM company Byte Federal, compromising user information including Social Security numbers, transaction history and even photographs. If you’ve done business with Byte Federal, it’s time to do more than change your passwords. You must freeze your credit.

With over 1,200 locations across the United States, Byte Federal is one of the largest Bitcoin ATM companies in America. For comparison, Bitcoin Depot is the most popular, with over 8,000 machines installed in the United States. Bitcoin ATMs solve a problem for cryptocurrency: they make it seem normal and easy to use for the average consumer.

According to a data breach notification filed with the Maine Attorney General, Byte Federal discovered there had been a breach on November 18. The attack took place on September 30. “Byte Federal became aware of a security breach committed by a bad actor who gained unauthorized access to one of our servers by exploiting a vulnerability in GitLab, a third-party software platform commonly used by developers around the world for project management and collaboration with comprehensive security features,” Byte Federal explained in an article on its website.

“Upon discovery of the incident, our team immediately shut down our platform, isolated the malicious actor and secured the compromised server. We have also made immediate improvements to our systems, security and practices,” Byte Federal said in its statement. According to the Maine data breach notice, the attack affected 58,000 customers.

This meant resetting each customer’s account, requiring them to update their passwords. “We have also updated all of our internal passwords, password management system, tokens and keys for our network to prevent unauthorized access,” the statement said. “With the assistance of an independent cybersecurity team, we are conducting a forensic investigation to determine the cause and extent of the incident. This investigation is ongoing and we continue to cooperate with law enforcement in this regard.”

The company stressed that no assets or user funds were affected.

While it’s nice to see that no one lost any money, the list of personal information the attackers had access to is bad. It included “name, date of birth, address, phone number, email address, government-issued ID, social security number, transaction activity, and user photos” of customers.

Byte Federal said it has no evidence that this personal information was actually leaked in the attack, but that’s little comfort. The breach occurred on September 30 and the company didn’t realize it until a month and a half later. A lot can happen in a month and a half.

If you dealt with Byte Federal, you should freeze your credit and place a fraud alert on your accounts. It should be acknowledged that the company itself suggested taking these measures in its communication about the hack. Freezing your credit can be painful in the short term, but it’s better than someone stealing your identity or opening fraudulent accounts in your name.

Anyone wishing to freeze their credit must contact each of the three major credit reporting agencies (Equifax, Experian, and TransUnion) and fill out certain forms. If you do it online or by phone, agencies must freeze the account within one business day of receiving the request. There is a federal website which can serve as a guide.

This is not the first time hackers have compromised a Bitcoin ATM company. Last year, hackers attacked ATM company General Bytes and made off with $1.5 million. In September of this year, at the time of the Byte Federal breach, the FTC warned that Bitcoin ATM scams have increased in recent years.

“Data from the FTC Consumer Sentinel Network shows that BTM fraud losses are skyrocketing, increasing almost tenfold between 2020 and 2023, and exceeding $65 million in the first half of 2024 alone,” the FTC said. “Since the vast majority of fraud goes unreported, this likely reflects only a fraction of the actual harm.”