- The disclosure occurred four months after the breach was known.
- Potential damages could reach $400 million.
- Approximately 200 employees were laid off following the breach.
Coinbase, a leading cryptocurrency exchange, disclosed a major data breach involving TaskUs employees in India in May 2025. The breach, initially identified in January, had significant financial and market implications.
The disclosure of TaskUs employees leaking customer data from Coinbase indicates significant concerns about data security and outsourcing practices in the cryptocurrency industry.
Overview of the Breach
Coinbase learned of a data breach in January 2025 involving their outsourcing contractor, TaskUs. Employees in India, specifically in Indore, were caught stealing customers’ data for hackers. The breach was disclosed to the SEC in May 2025.
Financial Implications
The breach cost Coinbase significantly, with potential damages of up to $400 million. TaskUs terminated over 200 employees related to the breach. TaskUs described the incident as part of a broader criminal campaign targeting their clients. “We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted several other providers servicing this client.” – TaskUs, Official Statement
Security and Outsourcing Concerns
The breach has highlighted vulnerabilities in outsourcing customer support functions and broader implications for data security. Ransom for the stolen data was reportedly $20 million, which Coinbase refused to pay. Coinbase stated, “We refused to pay a $20 million ransom requested by cybercriminals in an extortion attempt.” Such events raise concerns over outsourcing practices.
Failure to report the breach earlier has led to scrutiny over regulatory compliance in data breach disclosures. Public confirmation of this breach has intensified discussions on corporate responsibility within the crypto industry and beyond.
Regulatory and Security Measures
Following the breach, the focus is on enhancing security measures and improving regulatory compliance. The need for developing stronger cybersecurity frameworks extends across the cryptocurrency sector to prevent future risks. Industry leaders call for more transparent disclosure practices. SEC regulations may also come under consideration as the industry seeks to tighten compliance frameworks.
