Gemini reports a data breach due to a cyberattack on its ACH service provider, whose name remains undisclosed

Continue reading

A security researcher demonstrated how three patched OpenClaw vulnerabilities can be chained from a WhatsApp message to achieve credential theft, sandbox escape, and host-level code execution, exposing architectural risks in AI agents.
Gemini, a prominent cryptocurrency exchange, recently alerted its users about a significant data breach involving its Automated Clearing House (ACH) service provider. This Threatfeed explores the incident in detail, emphasizing the technical nuances, potential impacts, and security measures recommended by Gemini.
Date of Incident: June 3-7, 2024 Notification Date: June 26, 2024 Scope of Breach: Banking information of Gemini customers Information Exposed: Full name, bank account number, routing number Information Safe: Date of birth, physical address, social security number, email address, phone number, username, password
Gemini's ACH service provider experienced a security incident where an unauthorized actor gained access to the vendor's internal systems. This breach led to the exposure of certain transactional data, specifically the banking information required for ACH fund transfers.
Upon discovering the breach, the service provider initiated immediate containment measures and engaged external forensic experts to conduct a thorough investigation. Law enforcement agencies were also notified to assist in the investigation.
Gemini has advised affected users to:
Gemini suggests further actions to enhance user security:
In 2022, Gemini experienced another data breach involving a third-party vendor, which exposed the contact details of 5.7 million users. This earlier incident highlights the ongoing challenges of securing third-party services in the cryptocurrency industry.

Millions of driver's license records were exposed in a massive data breach, raising identity theft risks and highlighting critical data security failures.