Coinbase knew in January 2025 about a customer data leak involving one of its outsourcing partners in India, according to a Reuters report published on June 2.
The data breach is part of a larger security incident that Coinbase said could cost the company up to $400 million. Sources told Reuters that an employee of TaskUs, a U.S.-based outsourcing company, was caught taking pictures of customer information from her work computer using her phone.
The incident happened in Indore, India. She and another person are suspected of sharing this information with hackers in exchange for money.
Former TaskUs employees said the company informed Coinbase immediately after the incident. They also said more than 200 employees were fired following the breach, which attracted media attention in India.
Coinbase had earlier blamed “support agents overseas” for the breach. In a filing with the SEC on May 14, the company said it discovered the wider impact of the breach only after receiving an extortion demand on May 11. However, the new information reported by Reuters suggests Coinbase may have known earlier.
In a statement to Reuters, Coinbase said it had ended its relationship with the involved TaskUs workers and other overseas agents. It also said it had tightened its security controls.
TaskUs confirmed that two employees were fired earlier this year for illegally accessing client data, but did not name Coinbase. The company said it believed the two were part of a larger criminal scheme targeting its client.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Reuters could not confirm whether police in India made any arrests. Police in Indore did not respond to requests for comment.
