What happened?
A court filing in the Southern District of New York named a suspect, Ashita Mishra, and her accomplices, who were allegedly involved in a data breach at Coinbase. The document alleges that Mishra, an employee at TaskUs, Coinbase’s outsourced customer service firm, stored personal data from over 10,000 Coinbase customers on her phone and took pictures of customer information displayed on the computer screens. TaskUs employees were reportedly paid $200 per picture for these illicit activities, generating bribes thought to be upwards of $500,000.
Who does this affect?
The Coinbase data breach potentially impacts thousands of its customers whose sensitive information, including social security numbers and bank account details, were exposed. The implicated outsourcing firm, TaskUs, dismissed around 300 staff following the discovery of the breach. Plaintiffs allege the company attempted to silence insiders who raised concerns and even fired HR personnel who began investigating. This scandal affects the trust and reputation of both Coinbase and TaskUs, especially among their respective users and clientele.
Why does this matter?
This case could have significant market implications, potentially reshaping how exchanges manage their offshore operations. If proven, the allegations underscore the risks associated with outsourcing critical customer functions in the crypto industry, where exchanges handle sensitive personal data alongside financial assets. The situation could also damage TaskUs’s reputation as a trusted business outsourcing provider. Furthermore, as a result of the delayed disclosure of the breach, criminals had stolen between $180m and $400m in customer assets by the time public announcement was made, indicating more significant loss than just data protection.