close
close

Gemini data breach highlights risks in cryptocurrency sector

Posted on by angelo
Gemini data breach highlights risks in cryptocurrency sector

Cryptocurrency exchange Gemini has disclosed a data breach incident that occurred due to a cyberattack on its Automated Clearing House (ACH) service provider. The U.S. cryptocurrency exchange began notifying individuals of the Gemini data breach on June 26, 2024, and recently submitted a sample of these letters to the California Attorney General’s Office.

According to the notice, the Gemini data breach occurred between June 3 and June 7, 2024, when an unauthorized actor gained access to Gemini’s provider’s systems. “We are writing to inform you that one of Gemini’s third-party ACH banking partners has recently become aware of a security incident involving one of its service providers,” the official notice states.

This banking partner is responsible for facilitating the transfer of funds from Gemini wallets to customers’ bank accounts and processing certain Gemini customer data during the process.

Gemini Data Breach: What Happened?

Gemini’s banking partner reported that a subset of some Gemini customers’ banking information may have been compromised in the incident. The cryptocurrency exchange’s data breach involved unauthorized access to an internal collaboration tool on the banking partner’s system, which could lead to the exposure of transactional data. Specifically, information such as customer names, bank account numbers, and routing numbers may have been affected.

However, Gemini assures that no other sensitive information, including dates of birth, addresses, social security numbers, email addresses, phone numbers, usernames or passwords, was compromised. Additionally, Gemini account information and systems remained secure and were not affected by this third-party incident.

What Gemini Cryptocurrency Exchange Does

Upon learning of the breach, Gemini’s banking partner immediately launched an investigation and implemented measures to contain the incident. The bank engaged external experts to conduct a thorough investigation, which is still ongoing. In addition, law enforcement authorities have been notified of the incident.

What affected customers can do

Gemini advises affected customers to take the following actions:

  • Contact your bank: Learn about steps you can take to protect your account, including getting a new account number.
  • Enable multi-factor authentication: Enable this feature on the bank account you provided to Gemini.
  • Monitor account statements: Review your account statements carefully and report any unauthorized activity to your financial institution.
  • Stay alert: Be aware of scams that may exploit knowledge of your financial data.

Check your bank statements and report any suspicious activity to law enforcement

Gemini recommends that customers remain vigilant by regularly reviewing their account statements and credit reports. “If you detect any suspicious activity, promptly notify the financial institution or business involved. Any suspected fraudulent activity or identity theft should also be reported to law enforcement authorities, including your state attorney general and the Federal Trade Commission (FTC),” Gemini advises.

Obtain and monitor your credit report

Consumers are advised to obtain a free copy of their credit report from each of the three major credit reporting agencies once every 12 months by visiting annualcreditreport.com, calling toll-free 877-322-8228 or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, PO Box 105281, Atlanta, GA 30348.

Consider freezing your credit report

In some U.S. states, consumers have the right to place a freeze on their credit file to prevent new credit from being opened without a PIN. This can delay getting credit, but it can be crucial in preventing fraud. A fee of up to $10 may be charged to freeze, lift, or remove a freeze, though some states have lower fees.

To place a security freeze, you may need to provide identifying information, including your full name, Social Security number, date of birth, current and previous addresses, a government-issued ID, a recent utility bill, bank statement or insurance statement, and, if applicable, a copy of a police report or complaint filed with law enforcement.

Conclusion

Gemini’s proactive steps to notify affected customers and provide comprehensive guidance on protecting their financial information reflect the company’s commitment to security and customer service. While Gemini’s data breach originated from a third-party service provider, Gemini is working diligently to mitigate any potential damage and protect its customers’ data.