- Coinbase’s recent disclosure of a $400 million breach is raising concerns about when it discovered the breach
- Coinbase breach is linked to employees of a US outsourcing company named TaskUs
Coinbase Global filed a complaint recently with the SEC on May 14 regarding a threat email it received from unknown actors. The email demanded a maximum of $400 million for not disclosing the customer information it obtained in unauthorized ways. Coinbase seems to have prior knowledge of the customer data breach in January but only realized it was part of a larger campaign after receiving the email.
A Reuters report revealed that the Coinbase exchange knew of the data breach way back in January 2025. One part of this bigger breach involved an India-based employee of the TaskUs company. Reportedly, the employee was found taking pictures of the customer data using her personal phone from her work computer.
Two of the TaskUs employees seemed to feed the Coinbase customer information to hackers in exchange for bribes. This incident has led to the layoff of around 300 TaskUs employees and even drew media attention in India.
Coinbase Didn’t Disclose the Data Breach Due to Security Concerns
In its recent filing, Coinbase stated that the malicious actors have basic customer information and do not have any critical data like passwords or private keys. The data breach included the following information:
- Name, address, phone, and email address
- Masked social security numbers (last 4 digits)
- Masked bank account numbers and account identifiers
- Government-ID images
- Account data
- Limited corporate data
Coinbase further said,
“The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities.”
Coinbase also admitted that it detected some employees accessing data in the previous months and immediately fired the people involved with these data breaches. However, Coinbase didn’t assume it would lead to a larger data breach campaign that comes back at it, demanding funds.
The exchange expressed its belief in law enforcement and said it has not paid the threat actor yet. This incident highlights the risk of outsourcing a firm’s tasks to other companies. It not only exposes customer data but also impacts the overall reputation of such a high-reputed crypto exchange firm.
Highlighted Crypto News Today:
Ethereum Foundation Lays Off Staff as Part of Restructuring Plans
