Byte Federal, one of the largest Bitcoin ATM operators in the U.S., said the personal data of thousands of customers may have been compromised during a recent breach.

In a filing with Maine’s attorney general, Florida-based Byte Federal said hackers tried to access the data of 58,000 customers, including names, addresses, phone numbers, government-issued IDs, Social Security numbers, transaction activity and user photographs. 

The company said the breach occurred on September 30 and was discovered by Byte Federal on November 18. It said an unnamed attacker gained access to the company’s network by exploiting a vulnerability in third-party software. The company said in a blog post in November that the bug was in the popular developer platform GitLab.

Byte Federal, which operates more than 1,200 Bitcoin ATMs — electronic kiosks that let you buy and sell cryptocurrencies — across the U.S., said it has since performed a hard reset on all customer accounts and updated its internal passwords.