Coinbase Under Fire for Delayed Data Breach Disclosure

Coinbase is facing significant backlash after it was revealed that the cryptocurrency exchange delayed disclosing a major data breach that could cost up to $400 million. The breach, which occurred through a third-party overseas support vendor, exposed tens of thousands of customer records, including sensitive information such as names, addresses, and partial Social Security numbers. Internal emails and interviews indicate that the exchange waited months before notifying regulators and affected users, raising concerns about transparency and user protection. Coinbase has since dropped the vendor linked to the incident, but the fallout highlights ongoing challenges in securing customer data in the rapidly evolving crypto industry.

Coinbase Faces Backlash Over Delayed Disclosure of Data Breach

Coinbase delayed revealing a significant data breach that may cost up to $400 million, eventually dropping a third-party vendor linked to the incident. Hackers siphoned tens of thousands of customer records from an overseas support vendor, but the exchange waited months to notify regulators and users. Internal emails and interviews reveal the breach exposed sensitive data, including names, addresses, partial Social Security numbers, and ticket histories.

The breach traces back to a Texas-based outsourcing firm, TaskUs, whose India call center staff allegedly leaked customer KYC files. Coinbase has since severed ties with the vendor and is enhancing controls across all third-party partnerships. TaskUs confirmed firing multiple employees after Coinbase raised alarms but maintains it escalated the issue promptly.

Under SEC rules, public companies must disclose material cyber incidents within four business days. Coinbase’s May filing vaguely referenced "prior months" of unauthorized activity, omitting the January alert timeline. The fallout underscores growing scrutiny of crypto exchanges’ cybersecurity practices as regulatory pressure mounts.

Coinbase Knew About Data Leak Since January, Faces $400M Exposure

Coinbase was aware of a customer data breach as early as January, months before its public disclosure, according to a Reuters investigation. The incident involved compromised support agents leaking sensitive account details—including names, addresses, and partial Social Security numbers—though private keys remained secure.

An India-based contractor from outsourcing firm TaskUs allegedly photographed confidential data from her work computer. The attackers demanded a $20 million ransom, which Coinbase refused. The exchange estimates potential costs could reach $400 million, though Prime accounts were unaffected.