In May, Coinbase disclosed a major data breach in which hackers, aided by rogue employees at its outsourcing partner TaskUs, stole the personal data of 69,000+ customers, including Social Security numbers and bank details. The breach originated with Ashita Mishra, a TaskUs employee in India, who systematically exfiltrated data (up to 200 customer records daily) from September 2024 to January 2025, selling it for $200 per screenshot to a criminal collective called *‘The Comm’*, made up of teenagers and young hackers. The stolen data was used to impersonate Coinbase staff and trick victims into transferring cryptocurrency. The breach, initially downplayed by Coinbase (which cited a December 2024 timeline), involved internal collusion, including team leaders and HR staff at TaskUs. Coinbase faces $400M in losses, regulatory scrutiny, and class-action lawsuits, while TaskUs fired 226 employees in Indore and dismantled its investigative HR team, allegedly to conceal the breach’s scale. The incident is the worst breach in Coinbase’s history and exposes systemic vulnerabilities in third-party vendor security and internal oversight.
TPRM report: https://www.rankiteo.com/company/coinbase
{
  "id": "coi5902859091725",
  "linkid": "coinbase",
  "type": "Breach",
  "date": "9/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'customers_affected': '69,000+',
'industry': 'financial services (cryptocurrency)',
'location': 'United States',
'name': 'Coinbase',
'size': 'large (publicly traded)',
'type': 'cryptocurrency exchange'},
{'industry': 'customer service/BPO',
'location': ['United States (HQ)',
'India (Indore service center)'],
'name': 'TaskUs',
'size': 'publicly traded',
'type': 'outsourcing firm'}],
'attack_vector': ['insider threat (malicious employees)',
'data exfiltration',
'social engineering (impersonation)',
'bribery/conspiracy'],
'customer_advisories': ['Coinbase alerted impacted customers about the breach '
'and potential fraud risks'],
'data_breach': {'data_exfiltration': 'yes (via photos of customer accounts, '
'sold to hackers)',
'file_types_exposed': ['screenshots/photos of customer '
'accounts',
'databases'],
'number_of_records_exposed': '69,000+',
'personally_identifiable_information': ['Social Security '
'numbers',
'names',
'bank account '
'details'],
'sensitivity_of_data': 'high (SSNs, bank accounts)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial data',
'account credentials']},
'date_detected': '2024-01',
'date_publicly_disclosed': '2024-05',
'description': 'In May, Coinbase revealed that hackers stole personal data of '
'thousands of clients, which was used to trick customers into '
'handing over their cryptocurrency. The breach stemmed from '
'rogue employees at TaskUs, an outsourcing firm in India. A '
'court filing identified Ashita Mishra, a TaskUs employee, as '
'a key suspect who stole confidential customer data (including '
'Social Security numbers and bank account information) and '
'sold it to hackers. The data was used to impersonate Coinbase '
'employees and defraud victims. Over 69,000 customers were '
'impacted, with Coinbase estimating costs up to $400 million. '
"The breach involved a 'sophisticated hub-and-spoke "
"conspiracy' with multiple TaskUs employees, including team "
'leaders, participating in the data theft for financial gain '
'($200 per stolen record). The masterminds were reportedly '
'teenagers and young adults linked to a criminal collective '
"called 'the Comm.' TaskUs and Coinbase have faced legal and "
'reputational fallout, with allegations of concealment and '
'inadequate response.',
'impact': {'brand_reputation_impact': ['severe damage due to largest breach '
'in Coinbase history',
'public distrust in outsourcing '
'security',
'legal scrutiny'],
'customer_complaints': 'multiple (class-action lawsuits filed)',
'data_compromised': ['Social Security numbers',
'bank account information',
'customer account details'],
'financial_loss': '$400 million (estimated cost to Coinbase)',
'identity_theft_risk': 'high (SSNs and bank details exposed)',
'legal_liabilities': ['class-action lawsuits (e.g., Greenbaum '
'Olbrantz)',
'regulatory investigations',
'potential fines'],
'operational_impact': ['termination of 226 TaskUs employees',
'severed ties with involved personnel',
'investigation disruptions'],
'payment_information_risk': 'high (bank account information '
'compromised)',
'systems_affected': ['TaskUs internal systems (Indore, India '
'service center)',
'Coinbase customer support databases']},
'initial_access_broker': {'data_sold_on_dark_web': 'likely (data funneled to '
"criminal collective 'the "
"Comm')",
'entry_point': 'TaskUs Indore service center '
'(India)',
'high_value_targets': ['Coinbase customer PII',
'financial data'],
'reconnaissance_period': 'potentially months '
'(breach started in '
'September 2024, detected '
'in January 2025)'},
'investigation_status': 'ongoing (legal proceedings, internal investigations '
'by TaskUs/Coinbase)',
'lessons_learned': ['risks of outsourcing sensitive operations',
'need for stricter insider threat monitoring',
'importance of transparency in breach disclosures',
'consequences of delayed detection (breach started in '
'September 2024 but disclosed in May 2025)'],
'motivation': 'financial gain',
'post_incident_analysis': {'corrective_actions': ['termination of involved '
'personnel',
'strengthened security '
'protocols and training',
'severed ties with '
'high-risk vendors',
'legal defense against '
'lawsuits'],
'root_causes': ['insufficient oversight of '
'outsourced employees',
'lack of monitoring for data '
'exfiltration (e.g., screenshots)',
'cultural/compliance gaps in '
'offshore operations',
'delayed breach detection '
'(September 2024 to January 2025)',
'conspiracy involving multiple '
'employees (including managers)']},
'recommendations': ['implement stricter access controls for third-party '
'vendors',
'enhance employee monitoring (especially in high-risk '
'regions)',
'conduct regular audits of outsourced operations',
'improve incident response transparency',
'invest in insider threat detection tools',
'revaluate outsourcing partnerships for critical data '
'handling'],
'references': [{'source': 'Fortune'},
{'date_accessed': '2025-02',
'source': 'Class-action complaint by Greenbaum Olbrantz '
'(amended filing)'},
{'source': 'Coinbase regulatory filings'}],
'regulatory_compliance': {'legal_actions': ['class-action lawsuits (e.g., '
'Greenbaum Olbrantz)',
'consolidation of hack-related '
'complaints'],
'regulatory_notifications': 'yes (Coinbase notified '
'regulators)'},
'response': {'communication_strategy': ['notified affected users',
'regulatory disclosures',
'public statements (limited details)'],
'containment_measures': ['termination of 226 TaskUs employees',
'severed ties with overseas agents',
'tightened access controls'],
'enhanced_monitoring': 'yes (post-breach)',
'incident_response_plan_activated': 'yes (Coinbase notified '
'users/regulators, cut ties '
'with involved parties)',
'remediation_measures': ['strengthened global security protocols',
'enhanced training programs']},
'stakeholder_advisories': ['Coinbase notified affected users and regulators',
'TaskUs issued statements on security '
'enhancements'],
'threat_actor': ['Ashita Mishra (TaskUs employee)',
'unnamed accomplices (TaskUs employees, including team '
'leaders)',
"criminal collective 'the Comm' (teenagers/young adults)"],
'title': 'Coinbase Data Breach via TaskUs Outsourcing Firm',
'type': ['data breach', 'insider threat', 'social engineering', 'fraud'],
'vulnerability_exploited': ['lack of access controls',
'inadequate monitoring of employee activity',
'weak insider threat detection',
'outsourcing risks']}