177% up to 5BTC + 77 Free Spins!
New players only. Exclusive Welcome Bonus of 177% + 77 Free Spins
The recent data breach at Coinbase has been linked to an employee working for the U.S.-based outsourcing firm TaskUs in India. According to a Reuters investigation, the breach originated from within a support team and led to a failed extortion attempt against the crypto exchange.
Good to know
The security incident dates back to January, according to sources cited by Reuters. An India-based TaskUs employee allegedly used a personal phone to photograph data from her work computer, reportedly under instruction from hackers who had paid her. The employee is believed to have had at least one accomplice.
Three former TaskUs workers and one person familiar with the investigation said Coinbase was informed promptly. However, the broader public became aware only after a Bitcoin ransom demand surfaced last month. Hackers contacted Coinbase threatening to leak the stolen data unless they received a $20 million payout.
Coinbase has confirmed that the compromised data relates to less than 1% of its active monthly users. Based on a filing with the Maine Attorney General’s Office, the breach affected 69,461 individuals. Stolen information includes names, email addresses, phone numbers, and masked social security and bank account numbers. Some government-issued IDs and limited corporate data were also exposed.
The company refused to pay the ransom and instead began taking steps to contain the damage. Coinbase estimates it will spend between $180 million and $400 million on customer support, reimbursements, and cleanup costs.
In response, Coinbase ended its relationship with the TaskUs personnel involved, along with other overseas support agents. A company spokesperson told Reuters that controls have been tightened to prevent future insider threats.