Coinbase Data Breach Hits 69,000 Users later than Insider Sells Sensitive Info

A recent court filing revealed that the breach, which exposed data of over 69,000 customers, originated from an outsourced customer support company it worked with.

The amended Tuesday at the U.S. District Court for the Southern District of New York pointed to TaskUs employees in India as responsible for the hack.

According to documents, Ashita Mishra, a customer support employee for Coinbase’s contractor TaskUs in India, allegedly stole sensitive user information over several months begining in September 2024. Investigators say Mishra used her work computer to photograph internal records and later sold the images to criminal actors.

“Hub-and-spoke” Conspiracy Breach

Mishra reportedly charged about $200 per photo, sometimes capturing up to 200 images in a single day, generating over $500,000 from the scheme. She was joined by other employees at the India office, in what the documents described as a “hub-and-spoke” conspiracy.

Authorities recovered more than 10,000 records from her phone, including names, emails, phone numbers, addresses, and partially masked government IDs.

In total, the breach exposed the personal data of at least 69,461 Coinbase users, leaving them vulnerable to targeted phishing and fraud.

While Coinbase confirmed that Secret keys, login credentials, and viewd phrases remained secure, the leak triggered waves of social-engineering scams and identity theft attempts against customers.

Court filings also allege that TaskUs downplayed the incident. Plaintiffs claim the contractor fired more than 300 employees in India in January 2025, dissolved its internal investigation unit, and failed to fully disclose the severity of the breach in regulatory filings.

Coinbase estimates the financial fallout—including reimbursements, fraud losses, and legal costs—could total up to $400 million.

Coinbase Puts an End to It

The platform has taken steps to contain the damage, including terminating compromised accounts, tightening internal access controls, and offering identity protection services to affected customers.

Coinbase also refused to pay a $20 million ransom demanded by the attackers, instead establishing a reward fund of the identical amount for information leading to arrests.

Coinbase hasn’t had a favorable week. Just last week, a wallet linked to a from the market.

Despite this, Brian Armstrong, CEO of the platform, predicts BTC will take the spotlight over the next decade, potentially s.