A US-headquartered cryptocurrency exchange has revealed a supply chain breach which led to the compromise of personal and banking information belonging to thousands of its customers.
Breach notification letters from Gemini were posted to the website of the California Office of Attorney General (OAG).
“Our banking partner has notified us that a subset of some Gemini customers’ banking information was potentially impacted as part of the incident,” they revealed.
“Specifically, an unauthorized actor gained access to an internal collaboration tool on the bank partner’s system, which may have resulted in the potential disclosure of certain transactional data between June 3 and June 7, 2024. Unfortunately, information including your name, as well as the bank account number and routing number you provided to Gemini for transferring funds, may have been affected.”
Gemini was at pains to point out that the incident did not lead to the compromise of other sensitive information such as date of birth, home or email address, social security number, phone number, username or password.
“No Gemini account information or systems were impacted as a result of this third-party incident, and the incident did not affect the security of any Gemini systems,” the letter noted.
However, the crypto exchange did warn customers to monitor their bank accounts for unusual activity, ensure these accounts are protected by multi-factor authentication (MFA), look out for follow-on phishing scams which may cite the stolen information, and even consider asking their bank for a new account number.
A statement from the exchange claimed that around 15,000 customers were affected by the third-party breach.
“Although we notified the customers involved out of an abundance of caution, our analysis found no evidence of customer impact,” it said.
Back in 2022, the same company revealed another supply chain breach that led to the compromise of email addresses and partial phone numbers. Millions of customers were said to be affected at the time.