On December 16, 2024, the Vermont Office of the Attorney General disclosed a security breach affecting Byte Federal, a cryptocurrency ATM operator. The incident occurred on November 18, 2024, when an unauthorized bad actor exploited a third-party software vulnerability to gain access to the company’s systems. The breach exposed customer personal information, including names, birthdates, and Social Security numbers. While the data was potentially accessed, there is no current evidence that the information was misused, stolen, or compromised in a way that led to fraud or financial harm. The attack was attributed to a vulnerability in external software rather than a direct breach of Byte Federal’s core infrastructure. The company has not confirmed whether ransomware was involved, and no operational disruptions or broader systemic impacts were reported. Authorities and Byte Federal are likely investigating the scope of the exposure and implementing measures to prevent future incidents.
Source: https://ago.vermont.gov/document/2024-12-16-byte-federal-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/bytefederal
"id": "byt1007091725",
"linkid": "bytefederal",
"type": "Breach",
"date": "11/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'name': 'Byte Federal', 'type': 'Organization'},
{'industry': 'Government',
'location': 'Vermont, USA',
'name': 'Vermont Office of the Attorney General',
'type': 'Regulatory Body'}],
'attack_vector': 'Exploitation of Third-Party Software Vulnerability',
'data_breach': {'data_exfiltration': 'Potential (No Evidence of Actual '
'Exfiltration)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII)',
'type_of_data_compromised': ['Personal Information (Names, '
'Birthdates, Social Security '
'Numbers)']},
'date_detected': '2024-11-18',
'date_publicly_disclosed': '2024-12-16',
'description': 'On December 16, 2024, the Vermont Office of the Attorney '
'General reported that Byte Federal experienced a security '
'breach on November 18, 2024, due to unauthorized access by a '
'bad actor exploiting a third-party software vulnerability. '
'The breach potentially involved customer personal information '
'such as names, birthdates, and social security numbers, but '
'there is currently no evidence that this information was '
'compromised or misused.',
'impact': {'data_compromised': ['Potentially: Names, Birthdates, Social '
'Security Numbers'],
'identity_theft_risk': 'Potential (No Evidence of Misuse)'},
'initial_access_broker': {'entry_point': 'Third-Party Software Vulnerability',
'high_value_targets': ['Customer Personal '
'Information']},
'investigation_status': 'Ongoing (No Evidence of Data Misuse as of '
'Disclosure)',
'post_incident_analysis': {'root_causes': 'Exploitation of Third-Party '
'Software Vulnerability'},
'references': [{'date_accessed': '2024-12-16',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Vermont Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public Disclosure via Vermont AG '
'Office'},
'threat_actor': 'Bad Actor (Unspecified)',
'title': 'Byte Federal Security Breach (November 2024)',
'type': 'Data Breach (Unauthorized Access)'}