Coinbase Reports Data Breach Affecting 69,461 Customers
Coinbase, a major cryptocurrency exchange boasting over 100 million users, has disclosed that a recent data breach has affected 69,461 customers. This incident, attributed to unauthorized access by a limited number of personnel performing services in international retail support locations, has resulted in the theft of customer and corporate data.
In formal notifications submitted to the Office of Maine’s Attorney General, Coinbase detailed that while the breached data did not include sensitive items such as passwords, seed phrases, or private keys, it did compromise personal identifiers. Compromised information includes names, dates of birth, last four digits of Social Security numbers, masked bank account numbers, addresses, phone numbers, and email addresses. In some instances, the breach may also have exposed images of government identification documents such as driver’s licenses, passports, and national identity cards, along with comprehensive account information including transaction history and balances.
Coinbase has indicated that this type of data is sought after by attackers attempting social engineering schemes, enabling them to convincingly manipulate victims into transferring funds.
Concerns have been expressed regarding the potential consequences of this breach, including the risk of physical harm to affected individuals, given that prospective attackers now have knowledge of account balances and personal addresses.
The financial implications of this breach could be significant, with estimates ranging from $180 million to $400 million for remediation and customer reimbursements. Coinbase revealed in a filing with the U.S. Securities and Exchange Commission that the breach affected roughly 1% of its user base and was facilitated by support staff or contractors located outside the United States.
On May 11, cybercriminals sought to extort $20 million from Coinbase, threatening to publish the stolen data if their demands were not met. However, the company has made it clear that it will not acquiesce to the ransom demand. Instead, Coinbase intends to establish a reward fund of $20 million to incentivize tips leading to the identification and arrest of those responsible for the breach.
In light of these events, Coinbase has committed to reimbursing retail customers who unwittingly sent funds to the attackers as a direct result of the incident, following an investigative review to confirm the circumstances.
To mitigate risks, Coinbase urges customers to remain vigilant against imposters posing as company representatives, especially those trying to solicit sensitive information or funds. The company emphasizes that it never requests account details via telephone. Customers are advised to enhance their security measures by enabling withdrawal allow-listing and two-factor authentication.