Coinbase Faces $400M Fallout from Major KYC Data Breach Affecting 70,000 Users

A critical data breach at Coinbase has exposed the personal information of 70,000 customers, with potential financial repercussions reaching up to $400 million. The breach, linked to a bribed employee at outsourcing firm TaskUs in India, compromised sensitive Know Your Customer (KYC) data, including government-issued IDs and residential addresses. Revealed in a May 2025 SEC filing, this incident highlights severe vulnerabilities in third-party outsourcing and KYC security measures within the cryptocurrency industry. As of June 2025, the fallout underscores the urgent need for enhanced data protection protocols in crypto exchanges.

Coinbase Data Breach Exposes 70,000 Users, Raises KYC Concerns

A significant data breach at Coinbase has compromised the personal information of 70,000 customers, potentially costing the company up to $400 million. The incident, traced to an employee at TaskUs in India, involved bribed staff leaking sensitive KYC data, including government-issued IDs and home addresses. The breach, disclosed in a May 2025 SEC filing, underscores vulnerabilities in outsourcing and KYC protocols.

The fallout has reignited debates about KYC’s efficacy. Designed to combat money laundering, these measures now appear to expose everyday users to heightened risks. The incident highlights a critical tension between regulatory compliance and user security in the crypto space.

Coinbase Severs Ties with TaskUs Following $400M Data Breach Linked to Indian Contractor

Coinbase has terminated its contract with outsourcing firm TaskUs after a data breach involving an Indian employee compromised sensitive customer information. The incident, estimated at $400 million in damages, exposed vulnerabilities in third-party vendor management.

The breach occurred when a TaskUs employee allegedly photographed user data and shared it with hackers. Coinbase responded by cutting ties with involved vendors, notifying regulators, reimbursing affected users, and upgrading security protocols. Internal discovery in January preceded public disclosure via an SEC filing in May, raising questions about transparency.

TaskUs confirmed the breach originated from its Indian operations, describing a scheme where employees were bribed to steal records. While Coinbase initially blamed overseas agents, the full scope of compromised data remains under investigation.