Cryptocurrency exchange Gemini has reported a data breach linked to a cyberattack on its Automated Clearing House (ACH) service provider. The breach, which occurred between June 3 and June 7, 2024, compromised the banking information of approximately 15,000 customers. This data included full names, bank account numbers, and routing numbers used for ACH transfers. However, no other personal information such as social security numbers, email addresses, or passwords were affected.
Gemini began notifying impacted individuals on June 26, 2024, and submitted a sample of these notifications to the Attorney General’s Office in California on July 24, 2024. The exchange has stated that the breach was contained and is currently under investigation with the help of external experts. While no evidence suggests a broader impact, the company has advised affected customers to remain vigilant against potential fraud.
To mitigate risks, Gemini has recommended that customers enable multi-factor authentication on their bank accounts and contact their banks for additional protection measures or to request new account numbers. Affected individuals are also advised to monitor their accounts for unauthorized activity and to consider placing fraud alerts or security freezes on their credit reports.
This breach follows a previous incident in 2022 where Gemini’s data from a third-party vendor was exposed, revealing contact details of 5.7 million users. Despite this history, Gemini emphasizes that there is no current evidence of further customer impact from the recent breach.
Reference: