Coinbase was aware of massive data breach back in January, sources say

Coinbase publicly disclosed a huge data breach in May. However, the cryptocurrency exchange already knew about it back in January.

Last month, Coinbase filed a data breach notification to the Securities and Exchange Commission (SEC), saying it received an email from an unknown threat actor claiming to have obtained information about Coinbase customer accounts, as well as internal Coinbase documentation relating to customer-service and account management systems.

The attackers were able to lay their hands on personal information like names, addresses, phone numbers, and email addresses. Furthermore, they managed to exfiltrate customer data like copies of driver’s licenses and passports, partial social security numbers, and transaction histories. Corporate data, including training materials and communications to support agents, was also compromised.

In total, 69,461 customers were affected by the data breach. Projections are that this incident is going to cost the cryptocurrency exchange up to $400 million.

More details have now emerged. According to Reuters, which spoke to six people familiar with the matter, Coinbase knew about the data breach back in January.

The company was immediately informed when an India-based employee working for TaskUs was caught taking photos of her work computer with her personal phone. She and a suspected accomplice allegedly provided hackers with confidential Coinbase customer information in return for bribes.

Days after the incident, the two employees, as well as over two hundred other workers, were laid off with allegations of fraud.

In a statement to Reuters, Coinbase said that the incident was recently discovered and the cryptocurrency exchange had to cut ties with the Indian company involved, as well as with other overseas agents, to tighten control.

“We immediately reported this activity to the client. We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client,” TaskUs responded to Reuters. The company has confirmed that this client was indeed Coinbase.

It’s unclear whether any arrests have been made so far.