Thousands of Bitcoin ATM users may have had their personal data exposed after a security breach.
Byte Federal has reported a data breach.
Byte Federal, an American company known for operating an extensive network of Bitcoin ATMs, has revealed that it was the victim of a cyberattack that may have put the data of approximately 58,000 individuals at risk. The company informed the Maine Attorney General's Office about the incident, which occurred on September 30, 2024, when a malicious actor accessed its servers by exploiting a vulnerability in third-party software.
On November 18, Byte Federal detected the intrusion and took immediate steps to mitigate the damage. The company deactivated its platform, isolated the attacker, and secured the compromised server. The exploited vulnerability was in GitLab, which its developers use for project management and collaboration.
A subsequent investigation suggested that the attackers attempted to access sensitive user information, including names, dates of birth, addresses, phone numbers, email addresses, government-issued identification numbers, Social Security numbers, transaction activity, and photographs. However, the company has not been able to confirm whether the criminals succeeded in accessing these files. In the notice submitted, Byte Federal stated: "We have no evidence at this time that your personal information has been compromised or used in any way."
In response to the attack, the company conducted a thorough reset of all customer accounts, notified those affected, and carried out a complete rotation of all system passwords, tokens, and keys. Additionally, the company has initiated a forensic investigation with the help of an independent cybersecurity team to determine the cause and extent of the incident, working in collaboration with the relevant authorities.
Byte Federal operates nearly 1,200 Bitcoin ATMs in the United States and is closely monitoring the situation.