Bitcoin ATM operator CoinFlip breach exposes thousands


CoinFlip, a Bitcoin ATM operator and owner of the financial services app Olliv, fell victim to a hacker attack that exposed over 36,000 of the company’s clients.

The attack took place in early August after a threat actor compromised a CoinFlip employee’s account and accessed its systems, the company said.

CoinFlip operates in over 4,000 locations in the US, spanning 49 states. Meanwhile, its affiliate, Olliv, boasts over 400,000 crypto customers.

According to a breach notification letter, which CoinFlip sent to impacted customers in late September, a forensic investigation concluded that attackers roamed the company’s systems for less than a day.

However, attackers may have gained access to systems that contained personal user data such as full names, dates of birth, and either driver’s licenses, state-issued identification cards, or passport numbers.

The breach notification says that the attack impacted 36,646 individuals.

Having passport data exposed puts individuals at risk of identity theft. Cybercriminals could use the stolen information to impersonate victims, and attempt to gain unauthorized access to their accounts.

CoinFlip’s breach notification letter doesn’t indicate whether the company will offer any identity theft protection or credit monitoring services to affected individuals. Typically, breached companies offer complementary protection to individuals whose data was involved in hacker attacks.

We contacted CoinFlip via the Olliv press team for clarification but did not receive a reply before publishing.


More from Cybernews:

New England Biolabs leak sensitive data

Bomb threat in food delivery robots at Oregon State University

Meta's Instagram linked to depression, anxiety, insomnia in kids - US states' lawsuit

Thousands of websites vulnerable to account takeover, security specialists warn

By attacking Wikipedia, Musk is lambasting the nonprofit bastion of hard facts

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked