Major U.S. Bitcoin ATM operator Byte Federal had personal information from 58,000 customers inappropriately accessed following a cyberattack that involved the exploitation of an unspecified vulnerability impacting the widely used third-party software platform GitLab, BleepingComputer reports.
Infiltration of Byte Federal's systems exposed individuals' full names, birthdates, physical addresses, email addresses, phone numbers, Social Security numbers, government-issued IDs, photos, and transaction activity, according to the firm's data breach notice, which emphasized that there has been no indication suggesting misuse of such data. "Upon discovery of the incident, our team immediately shut down our platform, isolated the bad actor, and secured the compromised server," said Byte Federal, which has already moved to reset all customer accounts and change internal credentials amid an ongoing investigation into the incident. Despite providing automated patching for its customers, GitLab noted that organizations under self-managed deployment should lead their own remediation efforts. "We strongly encourage them to implement updates immediately to ensure the security of their environments," said a GitLab spokesperson.
