Data Breach Lawsuit Against Byte Federal Among 1,500 Targeting Companies in 2024

A company that largely operates a network of Bitcoin ATMs is facing a series of multimillion-dollar class action complaints in a federal district court in Tampa over the harm it caused in the “preventable data breach” of its “inadequately protected computer network.”

Jonathan D. Bick, counsel at Brach Eichler in New Jersey and internet law visiting lecturer at Cornell University, noted that the concept of substantial compliance would likely be central to the litigation involving the prospective class against the defendant, Byte Federal Inc.

“Since neither statutes nor rules or regulations exist with respect to data breach, no recognized standards exist. The closest one can come is substantial compliance. Substantial compliance is an ever-changing standard,” said Bick, who is not involved in the matter. “As long as the jury knows you are doing more than most people, you are at least substantially in compliance.”

The case dates back to Nov. 18, when Byte detected suspicious activity on its computer network, which indicated a data breach, according to the complaint. Byte determined that cybercriminals infiltrated its secured computer environment and potentially accessed and copied files containing the sensitive personal information of 58,000 people.

The personal information accessed by the cybercriminals included names, dates of addresses, phone numbers, social security numbers, transaction information and photographs of the users, according to the complaint. However, despite the sensitivity of the personal information exposed, Btye failed to disclose the data breach to its customers for several weeks.

The plaintiffs, Olive Muriithi from Alabama and Stephanie Fischer from Arkansas, alleged Byte, a Florida corporation, owed a duty to them and to the potential class to disclose the information in a “timely and accurate manner when data breaches occurred” and would not have provided the leaked information had they known its systems were not adequately secured and protected.

Now, in the case before the U.S. District Court for the Middle District of Florida, Byte has become among the 1,500 federal data breach lawsuits filed in 2024, according to Law.com Legal Radar. The plaintiffs alleged that the prospective class is nationwide and has likely suffered in excess of $5 million in damages because of the theft of their personal information.

Byte did not respond to a request for comment. Neither did Jeff Ostrow, a partner at Kopelowitz Ostrow in Fort Lauderdale, Florida, who represents the plaintiffs.

“This data demands a much higher price on the black market,” the plaintiffs claimed in the complaints. “Martin Walter, senior director at cybersecurity firm RedSeal, explained, ‘Compared to credit card information, personally identifiable information and Social Security numbers are worth more than 10x on the black market.’”

While major corporations sustained data breaches in 2024, rising crypto companies were also hit. Among them are DMM Bitcoin, a crypto exchange attacked in May, resulting in a theft of 4,500 Bitcoin, which was then valued at $305 million. Byte is also facing a third lawsuit filed Tuesday by a plaintiff represented by Am Law 200 firm Milberg Coleman Bryson Phillips Grossman.

Joseph M. Kaye, a partner at the Moskowitz Law Firm in Coconut Grove, Florida, which is leading some of the most high-profile multidistrict litigation in the crypto field, said he foresees that crypto companies will continue to face hacking into 2025.

“It’s a new industry, but the cases are no different from the traditional cases we have seen,” Kaye said. “The bottom line is it is a data breach case that just happens to target a blockchain company. I’ve spoken to people in the industry and they have been concerned about data breaches for a few years.”

Read One of the Complaints: