.png)
Coinbase Knew About the Recently Disclosed Data Leak Since January: Report
Coinbase, which revealed last month that it had suffered a customer data leak, was aware of the breach as early as January, according to a report by Reuters. The crypto exchange estimates that the breach could cost up to US$400 million.The San Francisco-headquartered company previously stated that rogue overseas support agents accepted bribes to leak internal documents and data tied to a “small subset” of customer accounts. The attackers also demanded a US$20 million ransom from the exchange, which it refused to pay.India-Based Agent at the CentreThe latest report revealed that an India-based employee of the US outsourcing firm TaskUs was involved in at least one part of the breach. The employee was caught taking photographs of her work computer with her personal phone.The stolen data included names, addresses, emails, account balances, masked bank details, and partial Social Security numbers. Importantly, private keys and passwords were not accessed, and Coinbase confirmed that Prime accounts were unaffected.Coinbase was also notified immediately about the employee’s actions, according to three TaskUs employees and “a person familiar with the matter.”Former TaskUs employees said they were informed by company investigators or colleagues who witnessed the incident in Indore, India. According to them, a woman and an alleged accomplice were suspected of leaking Coinbase customer information to hackers in exchange for bribes.“We immediately reported this activity to the client,” TaskUs said in a statement, without naming Coinbase. “We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.”No More “Ties with the TaskUs Personnel Involved”Coinbase also confirmed to Reuters that it had “cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.”According to local media reports, TaskUs fired more than 300 employees in a mass layoff in January.Although Coinbase previously blamed “overseas agents” for the breach, it did not name TaskUs or specify India as the overseas location. A recent class action lawsuit filed in a New York court also established the link between TaskUs and the breach and raised questions about when the exchange first became aware of the issue.Meanwhile, the US Department of Justice (DoJ) has launched an investigation into the recent security breach at Coinbase. Additionally, the exchange was recently added to the S&P 500 index and has agreed to acquire crypto options platform Deribit for US$2.9 billion. This article was written by Arnab Shome at www.financemagnates.com.
Coinbase, which revealed last month that it had suffered a customer data leak, was aware of the breach as early as January, according to a report by Reuters. The crypto exchange estimates that the breach could cost up to US$400 million.
The San Francisco-headquartered company previously stated that rogue overseas support agents accepted bribes to leak internal documents and data tied to a “small subset” of customer accounts. The attackers also demanded a US$20 million ransom from the exchange, which it refused to pay.
India-Based Agent at the Centre
The latest report revealed that an India-based employee of the US outsourcing firm TaskUs was involved in at least one part of the breach. The employee was caught taking photographs of her work computer with her personal phone.
The stolen data included names, addresses, emails, account balances, masked bank details, and partial Social Security numbers. Importantly, private keys and passwords were not accessed, and Coinbase confirmed that Prime accounts were unaffected.
Coinbase was also notified immediately about the employee’s actions, according to three TaskUs employees and “a person familiar with the matter.”
Former TaskUs employees said they were informed by company investigators or colleagues who witnessed the incident in Indore, India. According to them, a woman and an alleged accomplice were suspected of leaking Coinbase customer information to hackers in exchange for bribes.
“We immediately reported this activity to the client,” TaskUs said in a statement, without naming Coinbase. “We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.”
No More “Ties with the TaskUs Personnel Involved”
Coinbase also confirmed to Reuters that it had “cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.”
According to local media reports, TaskUs fired more than 300 employees in a mass layoff in January.
Although Coinbase previously blamed “overseas agents” for the breach, it did not name TaskUs or specify India as the overseas location. A recent class action lawsuit filed in a New York court also established the link between TaskUs and the breach and raised questions about when the exchange first became aware of the issue.
Meanwhile, the US Department of Justice (DoJ) has launched an investigation into the recent security breach at Coinbase. Additionally, the exchange was recently added to the S&P 500 index and has agreed to acquire crypto options platform Deribit for US$2.9 billion. This article was written by Arnab Shome at www.financemagnates.com.
