Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed.

The American crypto exchange began sending notices to impacted individuals a month ago, on June 26, 2024 but submitted a sample of the letters yesterday to the Attorney General’s Office in California.

According to the notification, Gemini suffered a third-party data breach when an unauthorized actor breached its vendor’s systems between June 3 and June 7, 2024.

The incident affected some of Gemini’s customers’ banking information, including their full name, bank account number, and routing number, which Gemini used for ACH fund transfers.

The crypto exchange says that no other information, such as date of birth, physical address, social security number, email address, phone number, username, or password, was hosted on the service provider’s systems, and were not compromised.

The data breach incident is now contained, and an investigation aided by external experts is underway. However, no other information has been made available at this point.

The notifications’ recipients are advised to remain vigilant about incoming communications and look for signs of fraud that uses part of the exposed information.

Moreover, people are told to enable multi-factor authentication on the bank accounts they provided to Gemini to prevent potential hacks, and contact their bank to ask for the activation of additional protection measures or a new account number.

If suspicious or unauthorized activity is detected on the impacted bank account, it should be reported to the banks immediately.

Gemini also recommends that letter recipients consider placing fraud alerts or security freezes on their credit reports but has not offered the impacted individuals any identity theft protection services.

BleepingComputer has contacted Gemini to ask about the number of impacted individuals, but we have not heard back by publication time.

In 2022, Gemini suffered a massive data breach from a third-party vendor, who exposed the contact details, including email addresses and phone numbers of 5.7 million of its users.

The stolen database was offered for sale on the dark web and later leaked for free on hacking forums.