Coinbase reportedly knew about a significant data breach months before it publicly disclosed the incident. Users’ data of Coinbase was allegedly sold once more to hackers by a TaskUs subcontractor, who is also a subcontract firm, in January. It is with regards to Coinbase’s internal security and regulatory compliance.
Charges of Data Mismanagement
The breach, discovered on a printout of a Reuters news story, consisted of copying a copy of sensitive information on her office computer onto her cell phone by an Indian employee at Coinbase. She and the alleged co-conspirator allegedly made money from selling information of that nature for bribes.
Coinbase discovered the breach just minutes after the leak was announced, indicating possible insider knowledge before its May 14th announcement to regulators.
Impact on Coinbase Reputation
After the hack, Coinbase dismissed the involved TaskUs employees and ramped up security in its own ranks. The company confirmed that third-party contractors accessed sensitive user information “without business need.” Coinbase explained that it had no idea how big the attack was until an extortion attempt on May 11 for $20 million.
Recent Developments Following the Data Breach
The hacking prompted the launching of a criminal investigation by the U.S. Department of Justice (DOJ). The agency is assisting foreign law enforcement agencies with investigating whether Coinbase had adequate internal controls. There has not been an arrest yet.
Legal Scrutiny Intensifies
There has been more than one suit against Coinbase for defying the incident. Plaintiffs have sued TaskUs and Coinbase for negligence, alleging that they failed to implement adequate security protocols, leading to the exposure of confidential KYC information. Legal analysts note that the timing puts Coinbase at a disadvantage, as the participants did not appear to disclose material facts to regulators and consumers.
Past Incidents
It is the second time TaskUs has been in the news over data security. In 2022, lawsuits implicated the firm in a breach involving Ledger SAS, a hardware wallet provider. The suits have once again put hybrid outsourcing and data security top of mind for crypto.
The initial denial of the data breach by Coinbase is a story that discredits its regulatory compliance and security measures. Although the investigation continues in the form of ongoing litigation, the company needs to close such loopholes in case it is going to regain the users’ trust.
