Cryptocurrency exchange Gemini has issued a warning about a data breach incident that resulted from a cyberattack at its Automated Clearing House (ACH) service provider. The identity of the attacker was kept confidential. On June 26, 2024, the American cryptocurrency exchange started notifying the affected parties.
However, a sample of the letters was sent to the California Attorney General's Office yesterday. The warning states that between June 3 and June 7, 2024, an unauthorised actor gained access to Gemini's vendor's systems, resulting in a third-party data breach.
The incident impacted some of Gemini's customers' banking details, including their full name, bank account number, and routing number, which Gemini utilized for ACH fund transfers.
According to the cryptocurrency exchange, the systems of the service provider did not host or compromise any additional information, including date of birth, physical address, social security number, email address, phone number, username, or password.
The data breach incident has been contained, and an outside team of experts is assisting with the inquiry. But as of right now, no other details are available. Recipients of the notices are urged to watch out for any suspicious activity using any of the data disclosed and to be on the lookout for incoming messages.
In order to safeguard against future hacks, users are also advised to activate multi-factor authentication on the bank accounts they gave Gemini and get in touch with their bank to request the implementation of additional safety precautions or a new account number.
If suspected or unauthorised activity is identified on the impacted bank account, notify the banks immediately. Gemini also suggests that letter recipients consider placing scam alerts or security freezes on their credit reports, but it has not provided any identity theft protection services to the affected individuals. Gemini issued a statement following publication, stating that the incident impacted 15,000 individuals.
"The incident at a third party involved information of approximately 15K Gemini customers," Gemini stated. "Although we notified the customers involved out of an abundance of caution, our analysis found no evidence of customer impact.”
