Coinbase Under Fire for Delayed Disclosure of Customer Data Breach

Coinbase, one of the leading cryptocurrency exchanges, is facing significant scrutiny after it was revealed that the company delayed disclosing a major security breach affecting its customers. The breach, which involved the leak of sensitive user information such as names, IDs, phone numbers, and addresses, was publicly acknowledged on May 15, 2025. Coinbase attributed the disclosure to a $20 million ransom attempt by cybercriminals, raising questions about the exchange’s transparency and commitment to user security. This incident has sparked concerns among users and industry experts alike, as the delayed response may have exacerbated the risks for affected customers. The breach highlights the ongoing challenges cryptocurrency exchanges face in safeguarding user data and maintaining trust in an increasingly digital financial landscape. As the situation unfolds, stakeholders are calling for greater accountability and improved security measures to prevent similar incidents in the future.

Coinbase Faces Scrutiny Over Delayed Disclosure of Customer Data Breach

Coinbase’s transparency is under fire following revelations that the exchange delayed disclosing a significant security breach affecting customer data. The incident, which involved the leak of sensitive user information including names, IDs, phone numbers, and addresses, was publicly acknowledged on May 15, 2025. At the time, Coinbase cited a $20 million ransom attempt by cybercriminals as the catalyst for its disclosure.

New reports from Reuters suggest the exchange was aware of the breach as early as January. While Coinbase admitted in an SEC filing that it had detected unauthorized access to employee data "in previous months," it claimed the full scope of the threat only became clear after the extortion demand. The breach has now been linked to an insider operation involving an India-based employee of TaskUs, a U.S. outsourcing firm. The employee allegedly photographed customer data from her work computer and sold it to malicious actors.

Coinbase Knew of India Data Leak Months Before Disclosure: Report

Coinbase was aware of a customer data breach at its Indian outsourcing partner TaskUs as early as January 2025, according to a Reuters investigation. The exchange only publicly disclosed the incident in May after an employee at TaskUs’ Indore facility was caught photographing sensitive customer data from her work computer.

The breach involved at least two employees allegedly providing Coinbase user information to external hackers in exchange for bribes. TaskUs terminated over 200 employees following an internal investigation, signaling systemic security failures at the facility handling sensitive cryptocurrency client data.