Coinbase

A data breach at Coinbase, facilitated by bribed customer support representatives from outsourcing firm TaskUs, resulted in the theft of sensitive user data including names, emails, partial financial information, SSN, transaction history, and ID document scans. The breach affected nearly 70,000 customers and was discovered after an employee was caught capturing photos of her computer screen. The threat actors demanded a $20,000,000 ransom to not publish the stolen data. Coinbase estimated the incident would cause losses of up to $400 million.

Source: https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/

TPRM report: https://scoringcyber.rankiteo.com/company/coinbase

"id": "coi739060625",
"linkid": "coinbase",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '70,000',
                        'industry': 'Financial Services',
                        'location': 'Global',
                        'name': 'Coinbase',
                        'type': 'Cryptocurrency Exchange'},
                       {'industry': 'Business Process Outsourcing',
                        'location': 'Indore, India',
                        'name': 'TaskUs',
                        'type': 'Outsourcing Firm'}],
 'attack_vector': 'Insider Threat',
 'customer_advisories': 'Notified nearly 70,000 customers',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '70,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['names',
                                              'emails',
                                              'partial financial information',
                                              'SSN',
                                              'transaction history',
                                              'ID document scans']},
 'date_detected': 'January 2025',
 'date_publicly_disclosed': 'May 15, 2025',
 'description': 'A data breach at Coinbase involving India-based customer '
                'support representatives from outsourcing firm TaskUs, who '
                'were bribed to steal data from the crypto exchange.',
 'impact': {'data_compromised': ['names',
                                 'emails',
                                 'partial financial information',
                                 'SSN',
                                 'transaction history',
                                 'ID document scans'],
            'financial_loss': 'Up to $400 million',
            'systems_affected': 'Customer support systems'},
 'initial_access_broker': {'entry_point': 'Insider Threat'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Insider Threat'},
 'ransomware': {'ransom_demanded': '$20,000,000', 'ransom_paid': 'No'},
 'references': [{'source': 'Reuters'}, {'source': 'BleepingComputer'}],
 'response': {'communication_strategy': 'Notified affected customers',
              'law_enforcement_notified': 'Yes'},
 'threat_actor': 'Unknown',
 'title': 'Data Breach at Coinbase',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human'}