Cryptocurrency exchange Coinbase to pay customers $ 400 million due to large-scale data breach

Cryptocurrency exchange Coinbase has suffered a large-scale data breach that affected more than 69 thousand users. According to new court documents, the leak was caused by an employee of the Indian outsourcing call center TaskUs. She took pictures of company computers and transmitted the images with personal data to third parties.

According to the investigation, the attacker, named Ashita Mishra, did not act independently but was part of an «extensive conspiracy» involving other TaskUs employees who did not know about each other. This made it possible to export confidential information for a long time, even if some of the participants in the scheme were exposed.

The list of stolen data included names, addresses, phone numbers, emails, partially hidden social security numbers, disguised bank account details, as well as copies of government IDs, corporate data, and account information. In total, the leak included information of more than 10 thousand customers, as confirmed by the report of the Maine Attorney General.

Coinbase reported that it did not comply with the demands of the attackers, but plans to spend from $ 180 million to $ 400 million on measures to compensate users. The company noted that it has already terminated cooperation with TaskUs employees and other foreign contractors involved in the incident, and has strengthened internal controls.

According to Reuters, the incident occurred at the beginning of the year and is considered one of the largest data leaks in the cryptocurrency services industry. It has once again drawn attention to the security problem in the industry, which handles sensitive financial and personal information of millions of users worldwide.