Bitcoin ATM Operator Byte Federal Reports Customer Data Breach

Byte Federal, a prominent Bitcoin ATM operator based in Florida, has disclosed a data breach affecting approximately 58,000 individuals. The breach occurred on September 30, 2024, and was discovered on November 18, 2024, when the company identified unauthorized access to its systems through a vulnerability in GitLab, a third-party software platform.

Byte Federal is a key player in the cryptocurrency ATM market, with a network of machines across the United States offering convenient Bitcoin transactions. The company emphasizes user-friendly services and security, although this incident underscores the risks faced by financial service providers handling sensitive user data.

The breach, described as an “external system hacking incident,” allowed a malicious actor to access a Byte Federal server. Upon discovery, Byte Federal immediately shut down its platform, isolated the affected system, and implemented a hard reset for all customer accounts. Additional security measures, including updates to passwords, keys, and tokens, were quickly put in place.

An independent cybersecurity firm has been engaged to conduct a forensic investigation, and Byte Federal continues to cooperate with law enforcement. The company confirmed that no cryptocurrency funds or user assets were compromised in the attack.

The personal information potentially exposed in the breach includes:

• Full names
• Birthdates
• Addresses
• Phone numbers and email addresses
• Government-issued ID details, including Social Security numbers
• Transaction history
• User photographs

Byte Federal stated there is no evidence at this time that the compromised data has been misused, but the company is taking precautionary steps to safeguard impacted individuals.

Recommendations for impacted individuals

In its notification to affected users, Byte Federal tells users that they should reset their account passwords immediately, and regularly review bank and cryptocurrency account statements for unauthorized transactions.

Moreover, it is recommended to obtain free credit reports from the three major credit reporting agencies — Experian, Equifax, and TransUnion — and review them for suspicious activity. Notification recipients should also consider placing a security freeze or alert on credit accounts to prevent identity thieves from opening new accounts. Finally, report identity theft incidents to the Federal Trade Commission (FTC) and local law enforcement.

Byte Federal has apologized for the incident and assured users of its commitment to protecting their data. Impacted individuals can contact the company via a dedicated support hotline at (786) 686-2983 or email support@bytefederal.com for assistance.