A massive data breach at Coinbase affected 69,461 users, exposing sensitive personal information. The breach, which occurred in late December but wasn’t discovered until early May, involved a group of overseas customer service agents who were bribed to steal data.
What Information Was Stolen?
The stolen data included a range of personal information, such as:
- Names and addresses
- Phone numbers and email addresses
- Partial Social Security numbers (last four digits)
- Masked bank account numbers and identifiers
- Government ID images
- Account balances and transaction history
- Some corporate data
Coinbase claims the affected users represent less than 1% of their monthly active users.
Coinbase’s Response
Affected customers were notified via email on May 15th. Coinbase refused to pay a $20 million Bitcoin ransom demanded by the hackers. Instead, CEO Brian Armstrong announced plans to reimburse affected customers and significantly increase cybersecurity measures. This includes relocating some overseas customer support operations. The company estimates remediation and reimbursement costs between $180 million and $400 million.
Looking Ahead
The incident highlights the ongoing challenges of protecting user data in the cryptocurrency industry. Coinbase’s response emphasizes their commitment to customer security, but the scale of the breach serves as a stark reminder of the potential risks involved.
