Reuters reported on June 2 that Coinbase was aware of a customer data leak involving one of its outsourcing partners in India as early as January 2025.
The data breach was traced to an employee of Taskus, a US – based outsourcing company. The employee in India was caught taking pictures of customer information on her work computer with her phone and, along with an accomplice, is suspected of sharing the data with hackers for financial gain. Taskus confirmed that two employees were fired in early 2025 for illegally accessing client information, though it didn’t name Coinbase as the client.
Coinbase was reportedly notified immediately after the incident. However, the company didn’t publicly disclose the breach until May, after receiving an extortion demand on May 11. The delay in disclosure has sparked concerns among regulators and investors, and the breach is estimated to potentially cost the company up to $400 million in losses related to reimbursement and legal liabilities. In a statement to Reuters, Coinbase said it had ended its relationship with the involved Taskus workers and other overseas agents and had tightened its security controls.
Related topic:
