TaskUs

The breach involved a **coordinated criminal bribery scheme** within TaskUs’s India operations, where employees were allegedly bribed to photograph and leak sensitive **Coinbase customer account data** to external criminals. The conspiracy expanded beyond front-line staff, leading to the dismissal of around **300 employees** in January 2025. TaskUs reportedly **concealed the breach’s scope**, silenced whistleblowers, and fired HR personnel investigating the incident. Despite internal awareness, the company **denied any material breach** in regulatory filings (including a February 2025 Form 10-K) and proceeded with a **$1.6 billion buyout by Blackstone** before Coinbase publicly disclosed the incident in May. The breach originated in late 2024, affecting **less than 1% of Coinbase’s monthly transacting users**, with estimated losses reaching **$400 million**. Coinbase reimbursed victims, severed ties with TaskUs, and offered a **$20 million reward** for information leading to arrests, refusing to pay ransom demands.

Source: https://finance.yahoo.com/news/amended-lawsuit-accuses-taskus-concealing-021230899.html

TPRM report: https://www.rankiteo.com/company/taskus

"id": "tas4962149091725",
"linkid": "taskus",
"type": "Breach",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Less than 1% of monthly '
                                              'transacting users',
                        'industry': 'Financial Services (Crypto)',
                        'location': 'United States',
                        'name': 'Coinbase',
                        'type': 'Cryptocurrency Exchange'},
                       {'industry': 'Business Process Outsourcing (BPO)',
                        'location': ['United States (HQ)',
                                     'India (Operations Center)'],
                        'name': 'TaskUs',
                        'type': 'Outsourcing Firm'}],
 'attack_vector': ['Insider Threat (Bribed Employees)',
                   'Social Engineering',
                   'Physical Data Theft (Photographing Sensitive Information)'],
 'customer_advisories': ['Coinbase Notified Affected Users',
                         'Reimbursement Provided'],
 'data_breach': {'data_exfiltration': 'Yes (Physical Theft via Photographs, '
                                      'Shared with Criminals)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII, Account Access Details)',
                 'type_of_data_compromised': ['Customer Account Information',
                                              'Sensitive Account Details '
                                              '(Photographed)']},
 'date_publicly_disclosed': '2025-05',
 'description': 'Amendments to a class action in New York against TaskUs '
                'reveal systemic security failures and concealment in a breach '
                'tied to Coinbase customer data. The breach originated in late '
                "2024, involving a criminal bribery scheme at TaskUs's India "
                'operations, where employees were allegedly bribed to '
                'photograph sensitive Coinbase customer account information '
                'and pass it to criminals. The breach affected less than 1% of '
                "Coinbase's monthly transacting users, with estimated losses "
                "up to $400 million. TaskUs allegedly concealed the breach's "
                'scope, fired HR personnel investigating it, and proceeded '
                'with a $1.6 billion buyout before Coinbase disclosed the '
                'incident in May 2025. Coinbase reimbursed affected users and '
                'ended its relationship with TaskUs, offering a $20 million '
                'reward for information leading to arrests.',
 'impact': {'brand_reputation_impact': ['Negative Publicity for TaskUs and '
                                        'Coinbase',
                                        'Allegations of Concealment and '
                                        'Non-Disclosure',
                                        'Loss of Trust in Outsourcing '
                                        'Security'],
            'customer_complaints': 'Class Action Lawsuit Filed (Southern '
                                   'District of New York)',
            'data_compromised': ['Coinbase Customer Account Information',
                                 'Personally Identifiable Information (PII)'],
            'financial_loss': '$400 million (estimated total loss)',
            'identity_theft_risk': 'High (Sensitive Account Information '
                                   'Compromised)',
            'legal_liabilities': ['Class Action Lawsuit',
                                  'Potential Regulatory Violations for '
                                  'Non-Disclosure'],
            'operational_impact': ['Termination of 300+ TaskUs Employees',
                                   'End of Coinbase-TaskUs Partnership',
                                   'HR Personnel Fired During Investigation']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Likely (Data Passed to '
                                                    'Criminals for '
                                                    'Fraud/Resale)',
                           'entry_point': 'Bribed TaskUs Employees (India '
                                          'Operations)',
                           'high_value_targets': 'Coinbase Customer Account '
                                                 'Data',
                           'reconnaissance_period': 'Late 2024 to Early 2025'},
 'investigation_status': 'Ongoing (Class Action Lawsuit, Potential Regulatory '
                         'Probes)',
 'motivation': 'Financial Gain (Data Theft for Fraud/Resale)',
 'post_incident_analysis': {'corrective_actions': ['Coinbase: Ended TaskUs '
                                                   'Partnership, Tightened '
                                                   'Controls, $20M Reward for '
                                                   'Arrests',
                                                   'TaskUs: Terminated ~300 '
                                                   'Employees (Allegedly '
                                                   'Involved)'],
                            'root_causes': ['Inadequate Vendor Security '
                                            'Oversight (Coinbase)',
                                            'Insider Threat Vulnerabilities '
                                            '(TaskUs)',
                                            'Failure in HR and Compliance '
                                            'Monitoring (TaskUs)',
                                            'Concealment of Breach Scope '
                                            '(TaskUs)']},
 'ransomware': {'ransom_paid': 'No (Coinbase refused to pay criminals)'},
 'references': [{'source': 'Decrypt'},
                {'source': 'Reuters'},
                {'date_accessed': '2025 (Filed on Tuesday, exact date '
                                  'unspecified)',
                 'source': 'Amended Class Action Complaint (Southern District '
                           'of New York)'}],
 'regulatory_compliance': {'legal_actions': ['Class Action Lawsuit (Southern '
                                             'District of New York)',
                                             'Potential Regulatory '
                                             'Investigations'],
                           'regulations_violated': ['Potential Non-Compliance '
                                                    'with Data Breach '
                                                    'Disclosure Laws',
                                                    'Misrepresentation in SEC '
                                                    'Filings (Form 10-K)'],
                           'regulatory_notifications': ['Coinbase Notified '
                                                        'Regulators '
                                                        'Immediately (Timing '
                                                        'Unspecified)',
                                                        'TaskUs Allegedly '
                                                        'Misled Regulators '
                                                        '(Claimed No Material '
                                                        'Breach)']},
 'response': {'communication_strategy': ['Public Disclosure in May 2025 '
                                         '(Coinbase)',
                                         'No Prior Disclosure by TaskUs '
                                         '(Alleged Concealment)'],
              'containment_measures': ['Termination of Bribed Employees (~300 '
                                       'in January 2025)',
                                       'Ended Partnership with TaskUs'],
              'incident_response_plan_activated': 'Yes (Coinbase)',
              'law_enforcement_notified': 'Yes (Coinbase notified regulators)',
              'recovery_measures': ['Reimbursement of Affected Coinbase '
                                    'Customers'],
              'remediation_measures': ['Tightened Vendor and Insider Controls '
                                       '(Coinbase)',
                                       '$20 Million Reward for Information '
                                       'Leading to Arrests']},
 'threat_actor': ['Organized Criminal Group',
                  'Bribed TaskUs Employees (India Operations)'],
 'title': 'Systemic Security Failures and Data Breach at TaskUs Affecting '
          'Coinbase Customer Data',
 'type': ['Data Breach',
          'Insider Threat',
          'Social Engineering',
          'Bribery Scheme'],
 'vulnerability_exploited': ['Weak Insider Controls',
                             'Lack of Vendor Oversight',
                             'Inadequate HR and Compliance Monitoring']}