Coinbase Hacked: Over 69,000 Users Affected in Data Breach

We recently reported that Coinbase, the largest U.S.-based cryptocurrency exchange, was a victim of a cybersecurity incident involving a group of overseas customer support agents stealing sensitive customer data to extort the company for $20 million. The company has now revealed that this incident has affected around 69,461 customers.

In data breach notifications filed with the Office of Maine’s Attorney General on Tuesday, Coinbase said, “a small number of individuals, performing services for Coinbase at our overseas retail support locations, improperly accessed customer information.”

Breach in Detail

The breach involved cybercriminals bribing overseas customer support agents to access sensitive user information, including customer names, email and postal addresses, masked Social Security numbers (last 4 digits only), masked bank account numbers and some bank account identifiers, government ID images, account data (balance snapshots and transaction history), and limited corporate data. However, no passwords, private keys, or users’ funds were part of the breach.

The attackers demanded a $20 million ransom in exchange for the stolen data. However, Coinbase refused to comply and instead offered a $20 million reward fund for information leading to the arrest and conviction of the attackers.

“These instances of such personnel accessing data without business need were independently detected by the Company’s security monitoring in the previous months. Upon discovery, the Company had immediately terminated the personnel involved and also implemented heightened fraud-monitoring protections and warned customers whose information was potentially accessed in order to prevent misuse of any compromised information,” reads the filing with the SEC.

“Since receipt of the email, the Company has assessed the email to be credible, and has concluded that these prior instances of improper data access were part of a single campaign (the “Incident”) that succeeded in taking data from internal systems. The Company has not paid the threat actor’s demand and is cooperating with law enforcement in the investigation of this Incident.”

Estimations on the Way

While no customer funds were reported stolen, the company estimates remediation and customer refunds could range between $180 million and $400 million. However, the full extent of the impact is still being assessed.

“Coinbase will voluntarily reimburse retail customers who mistakenly sent funds to the scammer as a direct result of this incident prior to the date of this post, following a review to confirm the facts,” the company wrote in a blog post dated May 15.

Coinbase advises customers to stay vigilant, as scammers may impersonate their employees. The company reiterated it will never ask for sensitive information like passwords or 2FA codes, or call or text users to transfer funds to a specific or new address, account, vault, or a “safe” wallet.

Kavita Iyer