Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed.
The American crypto exchange began sending notices to impacted individuals a month ago, on June 26, 2024 but submitted a sample of the letters yesterday to the Attorney General’s Office in California.
According to the notification, Gemini suffered a third-party data breach when an unauthorized actor breached its vendor’s systems between June 3 and June 7, 2024.
The incident affected some of Gemini’s customers’ banking information, including their full name, bank account number, and routing number, which Gemini used for ACH fund transfers.
The crypto exchange says that no other information, such as date of birth, physical address, social security number, email address, phone number, username, or password, was hosted on the service provider’s systems, and were not compromised.
The data breach incident is now contained, and an investigation aided by external experts is underway. However, no other information has been made available at this point.
The notifications’ recipients are advised to remain vigilant about incoming communications and look for signs of fraud that uses part of the exposed information.
Moreover, people are told to enable multi-factor authentication on the bank accounts they provided to Gemini to prevent potential hacks, and contact their bank to ask for the activation of additional protection measures or a new account number.
If suspicious or unauthorized activity is detected on the impacted bank account, it should be reported to the banks immediately.
Gemini also recommends that letter recipients consider placing fraud alerts or security freezes on their credit reports but has not offered the impacted individuals any identity theft protection services.
Gemini shared a statement after publishing saying that 15,000 people were impacted by the incident
“The incident at a third party involved information of approximately 15K Gemini customers,” Gemini told BleepingComputer
“Although we notified the customers involved out of an abundance of caution, our analysis found no evidence of customer impact.”
In 2022, Gemini suffered a massive data breach from a third-party vendor, who exposed the contact details, including email addresses and phone numbers of 5.7 million of its users.
The stolen database was offered for sale on the dark web and later leaked for free on hacking forums.
Update 7/27/24: Added statement from Gemini.
Information contained on this page is provided by an independent third-party content provider. This website makes no warranties or representations in connection therewith. If you are affiliated with this page and would like it removed please contact editor @americanfork.business
