Coinbase Knew of Data Breach in January, Delayed Public Disclosure: Reuters

According to the latest reports from Reuters, the exchange had prior knowledge of the data breach but delayed public disclosure, sparking concerns about transparency and security practices. Coinbase suffered a major data breach last month, exposing sensitive customer information, including names, addresses, and phone numbers.

Coinbase Hack: Prior Knowledge & Delayed Disclosure Raise Concerns

In a surprising revelation, Reuters reported that Coinbase had prior knowledge of a customer data leak as early as January. This raises questions about the company’s delayed public disclosure. According to Coinbase’s SEC filing, the company was aware that contractors had accessed unnecessary data in the “previous months”. The company added that they didn’t know that it was part of the larger operation until they received an extortion demand on May 11.

On May 15, as CoinGape reported, Coinbase revealed a significant hack that involved the stealing of personal information of high-profile users like Sequoia Capital’s Roelof Botha. Hackers allegedly bribed and recruited rogue overseas support agents to access users’ personal data. The exchange claimed, “No passwords, private keys, or funds were exposed. Prime accounts are untouched.”

However, the outsourcing company, TaskUS, stated they promptly notified Coinbase about the breach after the employees were caught. The company identified an employee taking photos of her work computer with her personal phone.

Following the hack, the exchange pledged reimbursement for affected users and the DOJ investigation. But they didn’t reveal if they had prior knowledge of the hack. Chief Legal Officer Paul Grewal noted, “We have notified and are working with the DOJ and other U.S. and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors.”

Coinbase Breach Traced to India

In addition, Reuters revealed that the Coinbase breach has connections to an Indian-based TaskUS agent. It was this Indian-origin female employee who was caught capturing images of her official computer.

Reportedly, TaskUs terminated over 200 employees in a mass layoff. Three former employees and a person familiar with the matter confirmed that the company informed Coinbase about the incident. The ex-employees claimed that the company investigators or colleagues who witnessed the incident in Indore, India, informed them that the woman and a suspected accomplice allegedly sold Coinbase customer information to hackers for bribes.

Further, the Reuters report added that Coinbase later stated that they had discovered the incident recently.  The exchange added that they had “cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.”