- Coinbase learned of a data breach involving TaskUs contractors months before publicly disclosing it in May, despite knowing customer info was sold to hackers.
- The breach, traced to TaskUs staff in India, affected nearly 70,000 users. Coinbase fired involved agents but failed to name TaskUs in its filing or detailed preventive measures.
- The fallout included a US$20M ransom demand and over 200 layoffs at TaskUs. Coinbase now estimates losses of up to US$400M from the breach.
All this time, it turns out that Coinbase learned that a contractor working for outsourcing firm TaskUs was leaking customer data months before it disclosed the breach in a May regulatory filing.
According to a June 3 report from Reuters citing five former TaskUs employees, the breach involved a staff member in India who was caught photographing her work computer with her personal phone.
We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.
TaskUs Former Employees.
Coinbase Was Aware, Did Nothing Anyway
The ex-employees claim she and a suspected accomplice sold Coinbase customer information to hackers. Coinbase was allegedly informed immediately after the breach was discovered and fired the employees involved and other unnamed foreign agents, the report reads.
The exchange also claimed to have implemented stricter controls but did not identify the additional entities or specify the measures taken.
While the breach led to a mass layoff of more than 200 TaskUs workers in January (an event that even drew protests and local media attention) only two individuals were identified as directly responsible. The breach ultimately affected nearly 70,000 Coinbase users.
To make matters worse, TaskUs had already faced accusations of data breaches all the way back to 2022, after being sued over failure to protect users’ data resulting from the Ledger 2020’s wallet hack.
Coinbase finally acknowledged the incident on May 14, describing unauthorised access by “support agents overseas” and estimating the fallout could cost the company as much as US$400M (AU$618M).
Related: Binance and Kraken Thwart Social-Engineering Attacks Mirroring Coinbase Breach
But the filing stopped short of naming TaskUs, only admitting that contractors had viewed sensitive data “without business need” in prior months.
As if this wasn’t tiresome enough, the exchange said it fully realised the scope of the attack after receiving a US$20M ransom demand in May, accompanied by leaked user data.
Credit: Source link
