Driver’s license numbers, addresses leaked in 2024 bitcoin ATM company breach

Cryptocurrency ATM company Bitcoin Depot said more than 26,000 people had sensitive data in a batch of information stolen during a cyberattack about one year ago. 

The company said it completed its investigation into the incident on July 18, 2024, but waited until this week to notify affected customers because an unnamed federal law enforcement agency only finished its own inquiry last month.

According to regulatory filings in Maine and Massachusetts, 26,732 people had their name, phone number, address, email and driver’s license number leaked during the attack. 

Bitcoin Depot says it operates the largest global network of bitcoin ATMs and has allowed people to buy the cryptocurrency  with cash since 2016. The Atlanta-based company has more than 8,000 ATMs across North America and reported $164.2 million in revenue for the first quarter of 2025. 

Identity theft protections were not offered to victims of the Bitcoin Depot breach, likely because Social Security numbers were not involved. 

Cryptocurrency ATMs have long faced backlash for facilitating crime and other issues. On Wednesday, New Zealand banned cryptocurrency ATMs entirely.

Another bitcoin ATM company, Byte Federal, notified customers of a similar data breach in December. Nearly 60,000 customers had personal information stolen during the attack.

In May, crypto trading giant Coinbase was hacked, exposing the personal information of nearly 70,000 people. The Coinbase breach caused outrage due to an increase in kidnappings and violence involving those in the cryptocurrency industry. 

Last month, masked kidnappers attacked the daughter of a French crypto CEO in Paris and several other incidents have come to light in recent months. Michael Arrington, the founder of TechCrunch and Arrington Capital, said the Coinbase incident exposed crypto owners’ home addresses and “will lead to people dying.” 

“It probably has already,” he added.