Coinbase Data Breach Exposes 69,000 Users in $400 Million Incident

A court filing has disclosed details about a significant data breach at Coinbase, affecting over 69,000 users and causing $400 million in damages.

Ashita Mishra, an employee at TaskUs's Indore office in India, was identified as the insider responsible for stealing sensitive customer information starting September 2024.
Mishra allegedly photographed up to 200 customer records daily, including names, emails, addresses, bank account details, balances, and Social Security numbers.
Each record was sold to hackers for $200, leading to impersonation and fraud against Coinbase users.
The operation was described as a hub-and-spoke conspiracy involving TaskUs supervisors and team leaders.

TaskUs Allegations

The complaint accuses TaskUs of negligence, fraud, and suppressing the breach's extent.
Plaintiffs claim TaskUs fired 226 employees in Indore and dismantled its human resources investigation team to conceal the breach.
TaskUs allegedly failed to disclose the incident during its $1.6 billion acquisition by Blackstone, indicating a "pattern of concealment."

Coinbase stated that less than 1% of active users were impacted and took swift action once the breach was uncovered.
The company reimbursed affected customers, provided free credit monitoring and identity restoration services, and ended its relationship with TaskUs.
A $20 million bounty program was launched for information leading to arrests and convictions related to the breach.