Coinbase data breach affected nearly 70,000 customers

Popular cryptocurrency exchange platform Coinbase said a data security incident it suffered recently compromised the sensitive personal information of almost 70,000 individuals.

 

On May 14, in a filing with the U.S. Securities and Exchange Commission (SEC), Coinbase said that it received an email on May 11 from a threat actor claiming to have breached its internal network and stolen customer data, along with internal documentation related to customer service and account management systems.

 

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

“The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities.

 

“Upon discovery, the Company had immediately terminated the personnel involved and also implemented heightened fraud-monitoring protections and warned customers whose information was potentially accessed in order to prevent misuse of any compromised information,” Coinbase said.

 

The compromised data included names, addresses, phone numbers, emails, masked Social Security, masked bank-account numbers and some bank account identifiers, government‑ID images, Coinbase account data and corporate data including documents, training material, and communications available to support agents.

 

Coinbase has, however, confirmed that passwords, seed phrases, private keys, or any other information that would allow someone to directly access customer accounts or funds were not accessed during the incident. Also, “Coinbase Prime was untouched.”

 

In a filing with the Office of Maine Attorney General, the company said it has identified at least 69,461 individuals impacted by the incident.

 

Coinbase added that the threat actors demanded a $20 million ransom to prevent the public release of stolen data. However, the company has declined to pay and is actively collaborating with law enforcement to resolve the matter promptly.

 

“Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack,” the company said in a blogpost.