Judge Signals Trimming Claims Against Bitcoin Depot Over 2024 Data Breach

Judge Signals Trimming Claims Against Bitcoin Depot Over 2024 Data Breach

News | March 11, 2026 By:

On Monday, March 2, 2026, Law360 reported that a Georgia federal judge indicated he is likely to narrow the scope of claims against Bitcoin Depot, a cryptocurrency ATM operator, concerning a 2024 data breach. The lawsuit alleges that the personal data of tens of thousands of American customers was compromised.

During a hearing addressing the company’s motion to dismiss, U.S. District Judge William M. Ray expressed skepticism regarding the claims of unjust enrichment and breach of fiduciary duty. These claims were brought forth by Quincey Hall, who alleged that Bitcoin Depot failed to adequately protect client data and delayed notifying affected individuals about the breach by over a year. Judge Ray stated he did not see sufficient grounds to support these claims, suggesting they lacked elements beyond a standard business transaction.

However, Judge Ray appeared hesitant to dismiss the core of Hall’s lawsuit, which accuses Bitcoin Depot of negligently protecting its systems. This hesitation remained even if the claimed damages were minimal.

Hall’s lawsuit, filed in August 2025, stems from a 2024 incident where hackers accessed Bitcoin Depot’s systems, extracting personal information from more than 26,000 users. Hall claims Bitcoin Depot detected suspicious network activity in June 2024 but did not begin notifying affected users until July 2025. This delay allegedly left users vulnerable to identity theft and fraud. Hall further contends that the cybersecurity failures have forced thousands of U.S. residents to take protective measures such as freezing credit, closing financial accounts, and monitoring credit reports.

Cindy D. Hanson, representing Bitcoin Depot, argued that the stolen data—names, phone numbers, and driver’s license numbers—posed little risk of identity theft. She also noted Hall had not claimed to be a victim of fraud. MaryBeth Gibson, representing Hall, countered that the stolen data could be used to obtain more sensitive information, such as Social Security numbers, and that hackers often delay using stolen data for malicious purposes.

Judge Ray downplayed the significance of Hall’s claims but acknowledged that damages could exist even without a subsequent break-in or fraud.

 

 

Source: Law360