Bengaluru: Two India-based employees of US BPO TaskUs illegally accessed sensitive information belonging to their client, Coinbase. These staff members were allegedly part of a larger criminal operation targeting Coinbase, which also affected other service providers working with the cryptocurrency exchange.
The cryptocurrency exchange utilises TaskUs to provide outsourced customer service support from personnel located in India. Coinbase stated in the US SEC filing that the incident did not involve the compromise of passwords or private keys, and at no time were any of the targeted contractors or employees able to access customer funds. While the company is still investigating, the affected data included names, addresses, phone numbers, and emails, masked social security, govt ID images, and account data. The security breach was referenced by plaintiff Nelson Estrada, who lodged a complaint in a US court against TaskUs, alleging the company’s failure to protect personal identification details of himself and millions of other individuals. Coinbase disclosed in a regulatory filing that it received email communication from an unknown threat actor claiming to have obtained information about certain Coinbase customer accounts, as well as internal Coinbase documentation, including materials relating to customer service and account-management systems.
The threat actor, the filing said, appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access. According to a complaint, Coinbase said the preliminarily estimated expenses to be within the range of approxima
Read More