US Cryptocurrency Exchange Gemini Reveals Supply Chain Breach
A cryptocurrency exchange based in the United States, Gemini, recently disclosed a supply chain breach that resulted in the compromise of personal and banking information belonging to thousands of its customers. The breach notification letters were made public on the website of the California Office of Attorney General (OAG).
Details of the Breach
Gemini stated that their banking partner informed them about a subset of customers whose banking information was potentially impacted by the incident. An unauthorized actor gained access to an internal collaboration tool on the bank partner’s system, leading to the potential disclosure of transactional data between June 3 and June 7, 2024. Affected information included customers’ names, bank account numbers, and routing numbers used for fund transfers.
The exchange clarified that sensitive information like date of birth, home address, email address, social security number, phone number, username, and password were not compromised. Gemini reassured customers that their account information and systems remained unaffected by the third-party incident, emphasizing that there was no compromise to the security of Gemini systems.
Protecting Customers
Despite the limited impact on sensitive data, Gemini advised customers to monitor their bank accounts for any unusual activity, enable multi-factor authentication (MFA) for added security, stay vigilant against phishing scams that may reference the stolen information, and consider requesting a new account number from their bank as a precautionary measure.
According to the exchange, approximately 15,000 customers were affected by the supply chain breach. While all impacted customers were notified as a precaution, Gemini’s internal analysis did not find any evidence of actual customer harm resulting from the incident.
Previous Incident
This is not the first time Gemini has faced a supply chain breach. In 2022, the company disclosed a similar incident that exposed email addresses and partial phone numbers of millions of customers. Despite these challenges, Gemini remains committed to enhancing its security measures to safeguard customer data and prevent future breaches.