Bitcoin Depot Data Breach Exposes Personal Info of Nearly 27,000 Customers

Bitcoin Depot, one of the largest bitcoin ATM operators in the United States, is notifying customers that a data breach that exposed their personal information collected during cryptocurrency transactions.

According to a notice sent to impacted individuals and seen by Bleeping Computer, Bitcoin Depot detected suspicious activity on their network on June 23, 2023. An internal investigation was completed nearly a year later, on July 18, 2024. However, due to a parallel police investigation, the company was told not to disclose the breach publicly until authorities concluded their own probe.

“Unfortunately, we were not able to inform you sooner due to an ongoing investigation,” Bitcoin Depot explained in the letter. “Federal law enforcement requested that Bitcoin Depot wait to provide you notice until after they completed the investigation.”

What Data Was Exposed?

The type of personal information exposed varies by individual, and may include:

• Full name
• Phone number
• Driver’s license number
• Home address
• Date of birth
• Email address

This kind of data aligns closely with the information cryptocurrency operators collect under Know-Your-Customer (KYC) procedures, a regulatory requirement under FinCEN compliance standards in the US.

The breach is estimated to have affected nearly 27,000 individuals. Bitcoin ATM advised them to:

• Be alert for phishing and fraud attempts
• Monitor account and crypto wallet activity regularly
• Consider placing a credit freeze with major credit bureaus

How to Stay Safe After a Crypto-Related Data Breach

If you’ve used a Bitcoin ATM or similar service recently, take the following steps to protect your digital and financial identity:

1. Scrutinize any emails or SMS messages asking you to provide financial data and credentials.
2. Use unique, strong passwords for your email and crypto exchange accounts.
3. Activate multi-factor authentication (MFA) wherever possible.
4. Review your credit report for unusual activity or unauthorized applications.
5. If you suspect a scam, use Bitdefender Scamio, a free AI tool that helps verify suspicious messages and links in seconds.
6. If you’re in the US, consider using Bitdefender’s Identity Theft Protection service. This service provides continuous monitoring of your identity, privacy, and credit status and sends Instant alerts when your personal information is at risk, alongside recovery assistance if you become a victim of identity theft.
7. Use Bitdefender Digital Identity Protection
   This service continuously scans the Dark Web and public data sources for indications that your name, email address, driver’s license number, or other personal information has been exposed. You’ll receive alerts and risk assessments in real time, along with clear guidance on what to do next.