Key Takeaways
Byte Federal is facing potential legal action after acknowledging that thousands of customers’ personal data was compromised by a recent data breach.
After detecting suspicious activity within its systems, the Bitcoin (BTC) ATM operator placed the blame on a Gitlab vulnerability that allowed unauthorized access to one of its servers.
In a notice dated Nov. 27, Byte Federal admitted that a hacker gained access to the server on Nov.18 by exploiting a vulnerability in GitLab, a third-party software platform used for project management and collaboration.
“Upon discovery of the incident, our team immediately shut down our platform, isolated the bad actor, and secured the compromised server,” the notice read.
It added that the firm had updated all of its internal passwords and brought in an external cybersecurity team to determine the cause and the scope of the incident.
Customer personal information that may have been compromised includes names, birthdates, addresses, phone numbers, email addresses, social security numbers, transaction data and photographs of users.
However, Byte Federal said it was still assessing which, if any, of this information was actually accessed.
The company urged customers to reset their login credentials and remain vigilant against fraud and identity theft.
In the wake of the Byte Federal data breach, the law firm of Edelson Lechtzin is considering taking up the case and bringing a class action lawsuit for privacy violations.
Specialist in data breach litigation, the firm has brought dozens of similar cases against firms for failing to protect clients’ personal information.
In a statement on Thursday, Dec. 12, Edelson Lechtzin invited up to 58,000 Byte Federal customers, who may have been affected by the data breach, to join the suit.