Bitcoin Depot data breach exposes personal information of over 26,000 individuals

Bitcoin ATM company Bitcoin Depot said a data security incident it suffered last year compromised the sensitive personal data of more that 26,000 individuals.

 

Headquartered in Atlanta, Georgia, Bitcoin Depot is a company that operates a large network of Bitcoin ATMs and also provides a service called BDCheckout for buying Bitcoin at retail locations.

 

In a data security incident filed with the Office of Maine Attorney General, Bitcoin Depot said that on June 23, 2024, it detected unusual activity within its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“On July 18, 2024, the investigation was complete, and we identified your personal information contained within documents related to certain of our customers that the unauthorised individual obtained. 

 

“Unfortunately, we were not able to inform you sooner due to an ongoing investigation. Federal law enforcement requested that Bitcoin Depot wait to provide you notice until after they completed the investigation. Law enforcement advised Bitcoin Depot on June 13, 2025, that their investigation was complete,” Bitcoin Depot said.

 

The compromised data included  names, phone numbers, addresses, dates of birth, email addresses, and driver’s license numbers. The filing with the Maine state regulator also states that the company had identified at least 26,732 individuals impacted by the incident.

 

“Bitcoin Depot is cooperating fully with law enforcement in relation to this incident. We take the security of all information in our systems very seriously, and we want to assure you that we’ve already taken steps to prevent a recurrence by enhancing security measures and security monitoring and increasing company awareness of data security protection,” the company added.

 

Bitcoin Depot has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Bitcoin Depot. The company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.