The Target: Byte Federal operates 1,356 Bitcoin ATMs in the US, accounting for 4.3% of all crypto ATMs in the country.
The Take: The potentially exposed data included names, dates of birth, addresses, phone numbers, email addresses, government-issued IDs, Social Security numbers, transaction activity and photographs of users.
The Vector: Byte Federal said it had discovered the attack on Nov. 18, more than 30 days after it occurred on Sept. 30, with a bad actor exploiting a vulnerability in software provided by a third party.
This breach highlights the extreme importance of promptly applying updates for known software vulnerabilities, not only in systems directly under a firm’s control but also in the third-party systems the firm relies upon. The longer a firm or its vendors hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit an unpatched vulnerability.