Coinbase was reportedly aware as early as January of a customer data leak at an outsourcing firm, months before it publicly disclosed the breach that could cost the company up to $400m.
Reuters reported Wednesday that the leak originated from TaskUs, a US-based outsourcing provider with operations in India.
A female employee at the company’s Indore office was allegedly caught photographing her work computer with a personal mobile phone.
Former TaskUs employees were either briefed on the breach by company investigators or learned of it from coworkers who witnessed the incident. Coinbase, reportedly, was notified immediately.
Coinbase didn’t return Cryptonews’ request for comment by press time.
Mass Firing at TaskUs Follows Breach Tied to Coinbase Hack
The woman and a suspected accomplice were accused of selling Coinbase customer data to hackers in exchange for bribes. The breach, which was first made public in a May 14 SEC filing, compromised the information of nearly 70,000 users.
Stolen data included customer names, phone numbers, addresses, ID documents, account balances and transaction history. Internal company documents were also accessed.
More than 200 TaskUs employees were reportedly fired in the aftermath, a mass termination that drew local press coverage in India. TaskUs confirmed that two employees were dismissed early in the year for illegally accessing client data, though the company did not name Coinbase.
Coinbase is facing at least six class-action lawsuits after a major data breach involving bribed overseas support staff.#coinbase #lawsuithttps://t.co/d8dVrvb7zF — Cryptonews.com (@cryptonews) May 19, 2025
Coinbase Cut Ties With Overseas Agents After Vendor Breach
Coinbase, in its May SEC filing, admitted that contractors had accessed internal employee data without a business need in “previous months.” However, it said the breach only became apparent after it received an extortion demand on May 11.
The hackers allegedly demanded $20m in exchange for not leaking the stolen data. Coinbase refused to pay the ransom and instead announced a $20m bounty for information leading to those responsible.
In response, Coinbase said it terminated the TaskUs personnel involved, cut ties with other overseas agents, and implemented tighter controls. It has not publicly named the other foreign agents implicated.
The data breach, which began with unauthorized access in Dec. 2024, shows growing concerns over the security of outsourced customer support operations. Coinbase has estimated the financial fallout from the incident could fall between $180m and $400m.
The exchange is now dealing with investor lawsuits alleging they incurred substantial losses and damages because of the company’s misleading statements.
The post Coinbase Knew Customer Data Was at Risk in Vendor Hack Months Before Disclosure: Report appeared first on Cryptonews.
https://cryptonews.com/news/coinbase-data-breach-exchange-knew-of-vendor-hack-as-early-as-january/
