News: 0177905027

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Coinbase Breach Linked To Customer Data Leak In India (reuters.com)

(Monday June 02, 2025 @11:30PM (BeauHD) from the behind-the-scenes dept.)


Coinbase reportedly knew as early as January about a customer data breach [1]linked to its outsourcing partner TaskUs , where an employee in India was caught leaking customer information in exchange for bribes. "At least one part of [2]the breach [...] occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone," reports Reuters, citing five former TaskUs employees. Though Coinbase [3]disclosed the incident in May after receiving an extortion demand, the newly revealed timeline raises questions about how long the company was aware of the breach, which could cost [4]up to $400 million . Reuters reports:

> Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were.

>

> TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January.



[1] https://www.reuters.com/sustainability/boards-policy-regulation/coinbase-breach-linked-customer-data-leak-india-sources-say-2025-06-02/

[2] https://it.slashdot.org/story/25/05/15/1415242/coinbase-offers-20-million-bounty-to-catch-data-thieves-after-extortion-attempt

[3] https://www.sec.gov/Archives/edgar/data/1679788/000167978825000094/coin-20250514.htm

[4] https://yro.slashdot.org/story/25/05/20/2052220/coinbase-data-breach-will-lead-to-people-dying-techcrunch-founder-says


Sounds secure (Score:4, Insightful)

by viperidaenz ( 2515578 )

Coinbase believes the honesty of their outsourced subcontractors is enough to protect the financial information of their customers.

They had some untrustworthy subcontractors fired months after discovering they were stealing customer data.

They still outsource this trust, but now to a different set of subcontractors.

Someone should go to jail for this (Score:1)

by davidwr ( 791652 )

"Lust for blood" might suggest that everyone responsible all the way up the chain should face the electric chair, but realisticly, I'd settle for the employees and others directly involved in the data-theft/extortion go to prison. In particular, those who were directing the operation from the top and those who stood to gain the most need to receive the longest "free vacation" in their country's prison system.

As far as the companies involved: They were victims, but they were also failing to manage their bu

Re: (Score:2)

by Retired Chemist ( 5039029 )

Don't count on it. The pawns will no doubt go to jail or be disappeared to protect the people behind the operation. The people who organized the operation and undoubted will obtain most of any profit will probably never be caught or convicted.

Very few profundities can be expressed in less than 80 characters.