• Coinbase’s data breach originated from TaskUs employees in India sharing customer data with hackers.
• The breach was detected in January but publicly disclosed in May after an extortion demand.
• Over 200 TaskUs employees were fired, and Coinbase has cut ties with implicated personnel.

According to a recent report by Reuters, the cryptocurrency exchange Coinbase faced a data breach, which has been connected to an India-stationed outsourcing company. The breach, which went public in May, involved access to customer credentials that reportedly began in January. Coinbase announced that the incident could cost Coinbase up to $400 million to improve its security to avoid future breaches like that.

Incident Details and Immediate Response

The breach occurred when an employee of TaskUs, a U.S.-based outsourcing firm with operations in India, was caught photographing her work computer screen with a personal phone. The employee worked in the Indian city of Indore. Multiple former TaskUs employees confirmed that the woman and a suspected accomplice allegedly shared Coinbase customer information with hackers in exchange for bribes.

Sources said the exchange received immediate notification about the breach. Company investigators and colleagues who witnessed the incident briefed some TaskUs employees about the case. Following the discovery, TaskUs terminated over 200 employees in a mass layoff that attracted local media attention.

Coinbase first reported the breach publicly on May 14 through an SEC filing. The company acknowledged unauthorized access by overseas support agents but did not initially specify TaskUs as the source. The filing mentioned that Coinbase became aware of contractors accessing employee data “without business need” in “previous months.” The company linked the breach to a wider campaign only after receiving an extortion demand on May 11.

In a statement to Reuters, the company said it recently uncovered the full scope of the incident. The company severed ties with the involved TaskUs personnel and other unnamed overseas agents. It also strengthened control measures following the breach.

TaskUs’ Statement and Investigation Status

TaskUs confirmed firing two employees earlier this year for illegally accessing client information. The company did not name the exchange initially, but reported the activity to the affected client. TaskUs described the fired workers as part of a broader, coordinated criminal campaign targeting the client and its service providers. 

The person familiar with the matter verified that Coinbase was the affected client and that the incident took place in January. Authorities in Indore have not commented on arrests or ongoing investigations. This breach raises questions about the timeline of disclosure and Coinbase’s early awareness of the issue. 

The link between TaskUs employees and the customer data leak adds complexity to the case. More details could emerge as investigations proceed, but Coinbase’s estimated financial impact stands near $400 million. The incident highlights vulnerabilities in outsourcing arrangements, especially when handling sensitive customer data across international locations. Coinbase’s response includes cutting ties with implicated agents and enhancing controls to prevent future breaches.