Cryptocurrency exchange Gemini has disclosed a security breach resulting in the compromise of personal and banking information of thousands of its customers.

In a breach notification letter Gemini said that its partner experienced an incident involving some Gemini customers' banking information. The breach occurred between June 3 and June 7, 2024, when an unauthorized actor gained access to an internal collaboration tool on the bank partner’s system.

“Specifically, an unauthorized actor gained access to an internal collaboration tool on the bank partner’s system, which may have resulted in the potential disclosure of certain transactional data between June 3 and June 7, 2024. Unfortunately, information including your name, as well as the bank account number and routing number you provided to Gemini for transferring funds, may have been affected,” Gemini said.

The company said that other sensitive information, such as date of birth, home or email address, social security number, phone number, username, or password, was not compromised. Additionally, Gemini confirmed that no account information or systems belonging to the exchange were impacted by this third-party incident.

“No Gemini account information or systems were impacted as a result of this third-party incident, and the incident did not affect the security of any Gemini systems," the letter assured.

Despite the limited scope of the breach, Gemini advised affected customers to monitor their bank accounts for unusual activity, ensure multi-factor authentication (MFA) is enabled, watch out for phishing scams leveraging the stolen information, and consider requesting a new account number from their bank.

The exchange estimated that approximately 15,000 customers were affected by the breach. Gemini said that they notified the affected customers as a precautionary measure, although their analysis found no evidence of direct customer impact.