Coinbase Knew About Customer Data Leak in January Linked to $400 Million Breach

Cryptocurrency exchange Coinbase reportedly knew as early as January about a customer data leak involving a third-party outsourcing company, according to six people familiar with the matter. The leak is part of a much larger breach that could cost the company up to $400 million.

The incident centers around TaskUs, a U.S.-based outsourcing company with operations in India. According to five former TaskUs employees, an India-based staff member in the city of Indore was caught taking photos of sensitive customer data on her work computer using her personal phone. She and a suspected accomplice were allegedly feeding Coinbase customer information to hackers in exchange for bribes.

Three former TaskUs employees and another source said Coinbase was notified about the incident immediately after it happened.

Soon after, more than 200 TaskUs employees were fired in a mass layoff that gained attention in Indian media. Coinbase later blamed “support agents overseas” for the data breach and estimated it could cost the company up to $400 million.

Although a lawsuit filed last week in a U.S. court had already suggested a link between TaskUs and the breach, new details raise serious questions about when Coinbase actually learned about the incident.

In a May 14 filing to the U.S. Securities and Exchange Commission (SEC), Coinbase admitted that contractors had accessed employee data “without business need” in earlier months. But it claimed it only realized the breach was part of a larger cyberattack after receiving an extortion demand on May 11.

In a statement to Reuters, Coinbase said it had recently discovered the incident and responded by ending its relationship with the involved TaskUs employees and other foreign support agents. The company also said it had strengthened its security controls.

TaskUs also issued a statement confirming that two employees were fired earlier this year for illegally accessing client data. Although TaskUs did not name Coinbase, a source confirmed that Coinbase was the affected client.

TaskUs stated that the two fired employees were believed to be part of a “broader, coordinated criminal campaign” targeting Coinbase, which also impacted other service providers.

Police in Indore have not commented on the matter, and it’s unclear if any arrests have been made so far.