Bitcoin Depot, Inc., a major provider of Bitcoin ATMs and cryptocurrency kiosks across the United States, has disclosed a significant data breach that has compromised the personal information of approximately 27,000 users.
The company began notifying affected customers this week, revealing that the breach occurred over a year ago, but notification was delayed at the request of federal law enforcement agencies conducting an ongoing investigation.
Incident Uncovered After Year-long Federal Investigation
The incident was first detected on June 23, 2024, when Bitcoin Depot’s IT security team identified suspicious activity within its information systems.
The company immediately launched a forensic investigation, enlisting external cybersecurity experts to determine the scale and impact of the unauthorized access.
By July 18, 2024, the full extent of the breach had been confirmed: an unknown threat actor had successfully exfiltrated customer data, including names, phone numbers, driver’s license numbers, and, in some cases, street addresses, dates of birth, and email addresses.
According to Bitcoin Depot, the company was unable to inform users of the breach sooner due to instructions from federal law enforcement.
The FBI and other agencies requested the company withhold public notification until the criminal investigation concluded, stating public disclosure could undermine investigative efforts.
Clearance to notify customers was finally given on June 13, 2025, over eleven months after the initial detection.
Bitcoin Depot emphasized in its communication that, as of now, there is no evidence of misuse of the compromised customer data.
However, security experts warn that information such as driver’s license numbers, date of birth, and contact details poses a heightened risk for identity theft, phishing, and fraud schemes, especially given the long delay in notification.
Sensitive Customer Information Exposed
In response to the breach, Bitcoin Depot has reportedly implemented a suite of enhanced security measures, including upgraded threat detection, stricter access controls, and expanded employee training on data protection.
The company is also working closely with law enforcement and cybersecurity professionals to monitor for potential misuse of the exposed information.
Affected customers are being advised to remain vigilant for signs of identity theft or financial fraud, and to monitor their credit reports regularly.
The company’s notification includes detailed instructions on how to obtain free annual credit reports, place fraud alerts, and institute security freezes with all three nationwide credit bureaus Equifax, Experian, and TransUnion.
Bitcoin Depot has established a dedicated helpline for customer inquiries, available weekdays for the next 90 days.
For residents of states including Iowa, Oregon, New Mexico, and Rhode Island where additional consumer protections apply Bitcoin Depot’s notice emphasizes the importance of reporting suspected identity theft to local law enforcement, the state attorney general’s office, and the Federal Trade Commission (FTC).
The company’s communication also directs customers to FTC resources explaining their rights under the Fair Credit Reporting Act (FCRA) and offers guidance for placing fraud alerts or freezes on credit files.
This breach underscores the persistent risks facing both customers and companies in the rapidly expanding cryptocurrency sector, where large volumes of sensitive personal information are concentrated and often targeted by sophisticated threat actors.
While Bitcoin Depot expresses regret and asserts its commitment to data security, the incident highlights the challenges firms face in balancing law enforcement cooperation with timely disclosure to affected individuals.
As investigations continue and security measures are reinforced, the company urges users to take proactive steps in safeguarding their personal data against potential misuse.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant updates
