Coinbase Knew of Its Data Breach Months Before Disclosing: Reuters
Coinbase was informed in January about a data breach involving its contractor TaskUs, which was publicly disclosed in May. The breach originated from an India-based TaskUs employee who photographed her computer screen and allegedly sold user information to hackers. TaskUs terminated two employees for illegal access and stated the breach was part of a broader campaign against Coinbase. Hackers accessed customer names, addresses, masked bank details, and identity documents, but no funds or passwords were compromised. Coinbase received a $20 million ransom demand on May 11 and refused to pay, offering a bounty for information on the attackers instead. The breach affected less than 1% of users, leading Coinbase to sever ties with TaskUs and enhance internal controls. A shareholder lawsuit was filed, accusing Coinbase of failing to disclose the breach promptly. Following the disclosure, Coinbase's stock initially dropped 7% but later rebounded due to its inclusion in the S&P 500.
