The California Office of the Attorney General disclosed that New Bit Ventures Ltd. (Coinmama), a cryptocurrency exchange platform, suffered a data breach on December 9, 2018, compromising the personal information of approximately 1.4 million user accounts. The exposed data included sensitive details such as full names, residential addresses, email addresses, genders, and government-issued ID numbers (e.g., passport or national identification numbers). The breach was not immediately detected and was only publicly reported on May 7, 2019, nearly five months after the incident. The compromised data poses significant risks, including identity theft, financial fraud, and targeted phishing attacks, as threat actors could exploit the leaked IDs and personal details for malicious purposes. While the exact method of the breach (e.g., exploitation of a vulnerability, insider threat, or external hack) was not specified in the report, the scale and nature of the exposed data suggest a large-scale unauthorized access to Coinmama’s systems. The delay in disclosure further exacerbates potential harm, as affected users remained unaware of the exposure for an extended period, increasing their vulnerability to follow-on attacks. As a cryptocurrency platform handling financial transactions, the breach undermines user trust and could lead to regulatory scrutiny, especially given the involvement of government-issued identifiers, which are high-value targets for cybercriminals. The incident highlights critical gaps in data protection measures, particularly for platforms dealing with both financial and personally identifiable information (PII).
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-146973
TPRM report: https://www.rankiteo.com/company/new-bit
"id": "new326091725",
"linkid": "new-bit",
"type": "Breach",
"date": "12/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,400,000',
'industry': 'Cryptocurrency Exchange',
'location': 'California, USA (reported by Attorney '
'General)',
'name': 'New Bit Ventures Ltd. (Coinmama)',
'type': 'Private Company'}],
'data_breach': {'data_exfiltration': 'Likely (reported as compromised)',
'number_of_records_exposed': '1,400,000',
'personally_identifiable_information': ['names',
'addresses',
'emails',
'genders',
'ID numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)']},
'date_detected': '2018-12-09',
'date_publicly_disclosed': '2019-05-07',
'description': 'The California Office of the Attorney General reported that '
'New Bit Ventures Ltd. (Coinmama) experienced a data breach on '
'December 9, 2018, affecting approximately 1.4 million '
'accounts. Personal information such as names, addresses, '
'emails, genders, and ID numbers were potentially compromised.',
'impact': {'data_compromised': ['names',
'addresses',
'emails',
'genders',
'ID numbers'],
'identity_theft_risk': 'High (PII exposed)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'title': 'New Bit Ventures Ltd. (Coinmama) Data Breach (2018)',
'type': 'Data Breach'}