Report: Coinbase Learned of Data Breach in January
reportedly knew in January about a data breach at an outsourcing company that it publicly disclosed May 14 in a filing with the (SEC).
The cryptocurrency exchange was notified immediately when an India-based employee of the outsourcing company was caught taking photos of data on her work computer, Reuters reported Monday (June 2), citing unnamed sources.
Coinbase said in its SEC filing that it knew contactors accessed data they didn’t need for business reasons in “previous months,” but didn’t know that the access was part of a larger operation until it received an extortion demand on May 11, according to the report.
Coinbase did not immediately reply to PYMNTS’ request for comment.
The company said in a May 15 that a turned into an extortion attempt when cybercriminals convinced a “small group” of company insiders to copy data from its customer support tools for less than 1% of Coinbase’s monthly transacting users and then tried to extort Coinbase for $20 million to cover up the breach.
“We said no,” Coinbase said in the blog, adding that it fired the compromised employees “on the spot,” referred them to law enforcement, began adding new customer safeguards, and set up a $20 million reward fund for information that leads to the arrest and conviction of the cybercriminals.
Because the cybercriminals also used the data they stole to contact Coinbase customers while pretending to be Coinbase in order to trick people into handing over crypto, Coinbase said it would reimburse customers who were tricked into doing so.
In its filing with the SEC, Coinbase said that the could cost it between $180 million and $400 million in remediation costs and voluntary customer reimbursements, adding that its investigation into the incident was still underway, so the full impact of the cyberattack was not yet known.
On May 19, Coinbase Chief Legal Officer Bloomberg that the is investigating the data breach.
“We have notified and are working with the DOJ and other U.S. and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors,” Grewal said, per the report.
