The Bitcoin ATM operator, CoinFlip recently filed a data breach notice with the official Vermont Government. The CoinFlip data breach notification was also shared with its customers in September this year. However, it was not reported in the media, also due to the absence of the same being claimed by a cybercriminal group.
This leaves speculations of a ransomware group trying to extort the firm in the time from which it was first detected in August to September when the CoinFlip data breach was emailed to its customers.
CoinFlip has one of the largest networks of Bitcoin ATMs by volume in the United States. The firm allows buying or selling Bitcoin and other cryptocurrencies with cash. They run the financial services app Ollive and have a presence in close to 50 states.
CoinFlip Data Breach Notice
The CoinFlip data breach notice stated that on August 7, 2023, an unauthorized third party accessed certain of its systems. The CoinFlip cyberattack was conducted via social engineering tactics, the notice further read.
The social engineering attack was aimed at a CoinFlip employee which resulted in the compromise of their account.
Information Impacted in the CoinFlip Security Breach
The CoinFlip notice signed by the firm’s Vice President General Counsel, Larry Lipka the data that was exposed to hackers was noted. Larry confirmed that the CoinFlip social engineering attack was discovered on August 8, 2023, a day after it took place.
This also ascertained that the presently unknown cybercriminals behind the social engineering attack compromising confidential data had access for a day. They were removed from the CoinFlip environment with the help of their IT team.
However, it is speculated that by that time, the cybercriminals managed to access personal data stored in certain systems.
The research-based online publication Cybernews which first reported the CoinFlip data breach noted that 36,646 individuals were impacted by the incident.
The investigation of the CoinFlip cyberattack shared that the following data was likely compromised in the incident:
- Full name
- Date of birth
- One of the following – Driver’s license, state-issued identification card, or passport number.
The investigation of the cyberattack concluded on September 21, 2023. The fate of the data exposed during the CoinFlip social engineering attack remains unknown.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.