A recent supply chain breach affecting Gemini, a US-based cryptocurrency exchange, has exposed personal and banking information belonging to a significant number of its customers. The breach notification letters were made public on the California Office of the Attorney General (OAG) website.
According to Gemini, the breach occurred when an unauthorized actor gained access to an internal collaboration tool on a bank partner’s system, potentially compromising certain transactional data between June 3 and June 7, 2024. The breach led to the disclosure of sensitive information such as customers’ names, bank account numbers, and routing numbers used for transferring funds. Other critical data, including date of birth, home address, email address, social security number, phone number, username, and password, remained unaffected.
Gemini assured its customers that no account information or systems were compromised as a result of the breach, emphasizing that the incident did not impact the security of Gemini’s systems. However, the exchange urged affected customers to remain vigilant by monitoring their bank accounts for any suspicious activity, enabling multi-factor authentication for enhanced security, being wary of potential phishing scams using the stolen information, and considering requesting a new account number from their bank.
The breach reportedly affected around 15,000 customers, although Gemini stated that their internal analysis revealed no evidence of customer impact. This isn’t the first time Gemini has faced a supply chain breach, as a similar incident in 2022 resulted in the compromise of email addresses and partial phone numbers of millions of customers.
As cybersecurity threats continue to evolve, it is crucial for cryptocurrency exchanges and their customers to prioritize data protection measures and remain proactive in safeguarding sensitive information. Stay updated on the latest developments in cryptocurrency security to mitigate the risks associated with potential breaches and unauthorized access.