Coinbase Breach Linked To Customer Data Leak In India (reuters.com) 10
Coinbase reportedly knew as early as January about a customer data breach linked to its outsourcing partner TaskUs, where an employee in India was caught leaking customer information in exchange for bribes. "At least one part of the breach [...] occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone," reports Reuters, citing five former TaskUs employees. Though Coinbase disclosed the incident in May after receiving an extortion demand, the newly revealed timeline raises questions about how long the company was aware of the breach, which could cost up to $400 million. Reuters reports: Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were.
TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January.
TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January.
Sounds secure (Score:5, Insightful)
Coinbase believes the honesty of their outsourced subcontractors is enough to protect the financial information of their customers.
They had some untrustworthy subcontractors fired months after discovering they were stealing customer data.
They still outsource this trust, but now to a different set of subcontractors.
Re: (Score:1)
Criminals dealing in Crypto coins are shocked that other criminals are stealing their data. No honor amongst thieves.
Someone should go to jail for this (Score:2)
"Lust for blood" might suggest that everyone responsible all the way up the chain should face the electric chair, but realisticly, I'd settle for the employees and others directly involved in the data-theft/extortion go to prison. In particular, those who were directing the operation from the top and those who stood to gain the most need to receive the longest "free vacation" in their country's prison system.
As far as the companies involved: They were victims, but they were also failing to manage their bu
Re: (Score:2)
Re: (Score:2)
You don't see these kinds of data breaches with traditional banks, that also do KYC.
No jail time (Score:2)
They mention "criminal activity" but there is no mention of charges being pressed or sentencing. I wonder how many people were being bribed at these subcontractors and how high up did the corruption go?
And that is why crapto is a _really_ bad idea (Score:2)
All that regulation in banks is there for a _reason_. All thios has gone wrong before in sinmilar fashion. Crapto is just makeing all the same dumb mistakes again and all the morons fall for it because they are too greedy to think.