Cryptocurrency exchange Gemini has disclosed a data breach incident that occurred due to a cyberattack on its Automated Clearing House (ACH) service provider. The American crypto exchange began notifying about the Gemini data breach impacting individuals on June 26, 2024 and recently submitted a sample of these letters to the Attorney General’s Office in California.
According to the notification, the Gemini data breach happened between June 3 and June 7, 2024, when an unauthorized actor accessed the systems of Gemini’s vendor. “We are writing to inform you that one of Gemini’s third-party ACH banking partners recently became aware of a security incident involving one of its service providers,” the official notice states.
This banking partner is responsible for facilitating the transfer of funds from Gemini wallets to customers’ bank accounts, and processing certain Gemini customer data in the process.
Gemini Data Breach: What Happened
Gemini’s banking partner reported that a subset of some Gemini customers’ banking information might have been compromised during the incident. The crypto exchange data breach involved unauthorized access to an internal collaboration tool on the bank partner’s system, potentially leading to the exposure of transactional data. Specifically, information such as customers’ names, bank account numbers, and routing numbers may have been affected.
However, Gemini assures that no other sensitive information, including dates of birth, addresses, social security numbers, email addresses, phone numbers, usernames, or passwords, was compromised. Moreover, Gemini account information and systems remained secure and unaffected by this third-party incident.
What Crypto Exchange Gemini is Doing
Upon learning about the breach, Gemini’s banking partner immediately launched an investigation and implemented measures to contain the incident. The bank engaged outside forensic experts to conduct a thorough investigation, which is still ongoing. Additionally, law enforcement authorities were notified about the incident.
What Affected Customers Can Do
Gemini advises impacted customers to take the following actions:
- Contact Your Bank: Inquire about steps to protect your account, including obtaining a new account number.
- Enable Multi-Factor Authentication: Enable this feature on the bank account you provided to Gemini.
- Monitor Account Statements: Closely review your account statements and report any unauthorized activity to your financial institution.
- Stay Vigilant: Be aware of scams that might exploit knowledge of your financial data.
Review Your Account Statements and Notify Law Enforcement of Suspicious Activity
Gemini recommends that customers remain vigilant by regularly reviewing account statements and credit reports. “If you detect any suspicious activity, promptly notify the relevant financial institution or company. Any fraudulent activity or suspected identity theft should also be reported to law enforcement authorities, including your state attorney general and the Federal Trade Commission (FTC),” inform Gemini.
Obtain and Monitor Your Credit Report
Customers are advised to obtain a free copy of their credit report from each of the three major credit reporting agencies once every 12 months by visiting annualcreditreport.com, calling toll-free 877-322-8228, or completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348.
Consider Placing a Security Freeze on Your Credit File
In some U.S. states, customers have the right to put a security freeze on their credit files, preventing new credit from being opened without the use of a PIN. This measure can delay the ability to obtain credit but can be crucial in preventing fraud. There may be a fee up to $10 to place, lift, or remove the freeze, although some states have lower fees.
To place a security freeze, you may need to provide identifying information, including your full name, Social Security number, date of birth, current and previous addresses, a state-issued ID, a recent utility bill, bank statement, or insurance statement, and, if applicable, a copy of a police report or a complaint filed with law enforcement.
Conclusion
Gemini’s proactive steps in notifying impacted customers and providing comprehensive guidance on protecting their financial information reflect the company’s commitment to security and customer care. While the Gemini data breach originated from a third-party service provider, Gemini is working diligently to mitigate any potential damage and safeguard its customers’ data.