Bitcoin ATM operator Byte Federal is notifying 58,000 people that their personal information might have been compromised in a data breach.

Discovered on November 18, the hack occurred after threat actors exploited a vulnerability in the GitLab collaboration platform to access one of its servers.

To contain the incident, Byte Federal shut down its platform, hard reset all customer accounts, updated all internal passwords, tokens, and keys, and updated its password management system.

According to the company, the threat actors potentially targeted personal information such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, government ID numbers, user photographs, and transaction activity details.

In an incident notice (PDF) on its website, Byte Federal said that no user funds or assets were compromised and that its investigation into whether data was indeed stolen continues.

“We have no evidence at this time that any of your personal information was actually compromised or misused in any manner. Nonetheless, we are taking precautionary measures to ensure the security of your data and to help alleviate any concerns you may have,” the company said.