Coinbase Aware of Data Breach Since January, Report Reveals
None
<p><img decoding="async" src="https://image-optimizer.cyberriskalliance.com/unsafe/1920x0/https://files.cyberriskalliance.com/wp-content/uploads/2024/08/AdobeStock_730400135.jpg" alt="Adobe Stock"></p><p><em>Image courtesy of SC Media</em></p><p>Major U.S. cryptocurrency exchange <a href="https://www.scworld.com/brief/over-69k-hit-by-coinbase-breach" rel="noopener">Coinbase</a> has been linked to a significant customer data leak involving outsourcing firm <a href="https://www.taskus.com/" rel="noopener">TaskUs</a> and its Indian employees. This breach, which may cost Coinbase up to $400 million, was reportedly known to the company since January. According to <a href="https://www.reuters.com/sustainability/boards-policy-regulation/coinbase-breach-linked-customer-data-leak-india-sources-say-2025-06-02/" rel="noopener">Reuters</a>, the incident involved an Indian employee who shared photos of customer data from work computers in exchange for bribes, leading to the termination of over 200 TaskUs workers.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwyXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> <div class="ai-rotate-option" style="visibility: hidden; position: absolute; top: 0; left: 0; width: 100%; height: 100%;" data-index="1" data-name="QVdTIEh1Yg==" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://devops.com/builder-community-hub/?ref=in-article-ad-1&utm_source=do&utm_medium=referral&utm_campaign=in-article-ad-1" target="_blank"><img src="https://devops.com/wp-content/uploads/2024/10/Gradient-1.png" alt="AWS Hub"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p>TaskUs stated that they had let go of two employees for unauthorized access to client data. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client," the company noted in their statement.</p><h1>Coinbase Aware of Data Breach Since January</h1><p><img decoding="async" src="https://www.pymnts.com/wp-content/uploads/2025/06/Coinbase-breach.jpg?w=768" alt="Coinbase Breach"></p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="0a3077e55f437637e8805369-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="0a3077e55f437637e8805369-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p><em>Image courtesy of PYMNTS</em></p><p>Reports indicate that Coinbase was aware of the <a href="https://mojoauth.com/blog/category/data-breach/">data breach</a> as early as January but only disclosed it publicly in May. The breach involved contractors accessing data improperly, which Coinbase stated in its <a href="https://www.sec.gov/" rel="noopener">SEC filing</a>. The situation escalated when Coinbase received an extortion demand on May 11, which involved cybercriminals convincing insiders to leak data to cover up the breach. Coinbase refused to pay the $20 million ransom and instead terminated the involved employees, referred them to law enforcement, and initiated new customer safeguards.</p><p>The breach has raised serious concerns regarding customer data security, especially as attackers used the stolen data to impersonate Coinbase and trick customers into handing over cryptocurrency. To mitigate the fallout, Coinbase announced it would reimburse those affected. According to the SEC filing, the cybersecurity incident could potentially cost the company between $180 million and $400 million in remediation costs.</p><h1>Details of the Breach</h1><p>The data compromised during the breach included names, addresses, emails, account balances, masked bank details, and partial Social Security numbers. However, it is confirmed that private keys and passwords were not accessed, and Coinbase’s Prime accounts remained unaffected. </p><p>The breach's primary suspect was an employee from TaskUs caught taking unauthorized photographs of sensitive data. The situation prompted Coinbase to cut ties with involved personnel and enforce stricter controls over its data security.</p><p>In light of these events, the U.S. Department of Justice is investigating the data breach. Coinbase also recently joined the S&P 500 index and is set to acquire the crypto options platform Deribit for $2.9 billion. For businesses looking to enhance security and protect customer data, integrating passwordless authentication solutions, such as those offered by <a href="https://mojoauth.com/">mojoauth</a>, can provide a more secure and user-friendly experience.</p><p>For further information on managing customer identities and access management, consider exploring <a href="https://mojoauth.com/">mojoauth's services</a>.</p><div class="spu-placeholder" style="display:none"></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://mojoauth.com/blog">MojoAuth – Go Passwordless</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Gopal Gehlot">Gopal Gehlot</a>. Read the original post at: <a href="https://mojoauth.com/blog/coinbase-aware-of-data-breach-since-january-report-reveals/">https://mojoauth.com/blog/coinbase-aware-of-data-breach-since-january-report-reveals/</a> </p>