CyberSecurity news
FlagThis
Dissent@DataBreaches.Net
//
Coinbase confirmed a significant data breach affecting 69,461 customers, revealing that overseas support staff were bribed to hand over sensitive user data to criminals. The breach, which began on December 26, 2024, went undetected until May 11, 2025, leaving customers vulnerable to potential phishing attacks and extortion schemes. Coinbase acknowledged the incident in a filing with the Securities and Exchange Commission (SEC) on May 15, further detailing that the perpetrators attempted to extort the company for $20 million. The company has since confirmed the support staff involved have been fired.
The compromised data included a wide range of personal information, such as names, addresses, phone numbers, email addresses, the last four digits of Social Security numbers, masked bank account numbers, images of government IDs (passports and driver's licenses), and Coinbase account data, including balance snapshots and transaction histories. Coinbase emphasized that passwords, seed phrases, and private keys were not compromised, ensuring direct access to accounts and funds remained secure. The company is offering affected users free one-year credit monitoring and identity protection services to mitigate the potential fallout.
In response to the breach, Coinbase is bolstering its cybersecurity measures and has issued a $20 million bounty for information leading to the arrest of those responsible. The company estimates spending between $180 million and $400 million to cover reimbursements to affected users and enhance security infrastructure. While Coinbase intends to reimburse customers who may have fallen victim to phishing scams stemming from the stolen data, concerns remain regarding the potential for continued targeting of Coinbase customers, prompting some legal professionals to consider class-action lawsuits against the cryptocurrency exchange.
References :
The compromised data included a wide range of personal information, such as names, addresses, phone numbers, email addresses, the last four digits of Social Security numbers, masked bank account numbers, images of government IDs (passports and driver's licenses), and Coinbase account data, including balance snapshots and transaction histories. Coinbase emphasized that passwords, seed phrases, and private keys were not compromised, ensuring direct access to accounts and funds remained secure. The company is offering affected users free one-year credit monitoring and identity protection services to mitigate the potential fallout.
In response to the breach, Coinbase is bolstering its cybersecurity measures and has issued a $20 million bounty for information leading to the arrest of those responsible. The company estimates spending between $180 million and $400 million to cover reimbursements to affected users and enhance security infrastructure. While Coinbase intends to reimburse customers who may have fallen victim to phishing scams stemming from the stolen data, concerns remain regarding the potential for continued targeting of Coinbase customers, prompting some legal professionals to consider class-action lawsuits against the cryptocurrency exchange.
Share:
References :
- The Register - Security: Coinbase confirms insiders handed over data of 70K users
- securityaffairs.com: Coinbase data breach impacted 69,461 individuals
- PCMag UK security: Coinbase Hackers Went Undetected for 4+ Months, Stole Data on 69K Users
- www.techradar.com: Coinbase admits data breach affected 69,000 customers - here's what you need to know
- CyberInsider: Coinbase Says Insider Data Breach Impacted Over 69,000 Users
- techcrunch.com: Coinbase says its data breach affects at least 69,000 customers
Classification:
- HashTags: #Coinbase #DataBreach #InsiderThreat
- Company: Coinbase
- Target: 69,461 Coinbase Customers
- Attacker: FBI, Microsoft, International Cops
- Product: Coinbase
- Feature: Data Breach
- Type: DataBreach
- Severity: Major