Coinbase, which is currently the largest cryptocurrency exchange operating in the United States, announced a severe data breach that exposed sensitive customer information. The company detected this breach independently in previous months, revealing that cyber criminals had bribed overseas support agents to access and steal customer data. The attack led to a $20 million ransom demand from the assailants. Then they extort the victim, threatening to publicize the compromised data if the ransom isn’t paid.
Though the breach, which Coinbase admitted in a new blog post yesterday, did not affect any users’ passwords or private keys, it’s still a significant security lapse. The compromised data had first and last names, as well as home addresses, birth dates, phone numbers, and email addresses of customers. Sensitive financial information such as masked bank account numbers and identifiers, as well as the last four digits of social security numbers, were exposed. In addition to government IDs and account balance, images depicting these items were included in the compromised data.
On May 11, Coinbase received an email from an individual who alleged to have confidential information about particular customer accounts. This person further claimed, though, that they had proprietary internal documents on customer service databases and account management systems. I’m glad to see that the company is moving quickly to address their failure and make things right. They’ve created a $20 million incentive fund to create new information leading to the arrest and conviction of those behind the attack.
“This incident may cost us up to $400 million to fix,” stated Coinbase officials during a press briefing. Additionally, they have worked consistently on their own commitment to work in partnership with law enforcement. Their signal is unmistakable – they’re not going to pay the ransom and they promise to do everything possible to hold the perpetrators of the breach accountable.
“Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” – Coinbase (from a blog post)
Coinbase’s current approach to the data breach has put the company on equal footing with its users. The company has been in the news for its recent strategic $2.9 billion acquisition of crypto derivatives exchange Deribit. This acquisition comes in as a key move through which Coinbase aims to extend its global footprint in the fast-changing cryptocurrency landscape. So picture this – are you ready to travel virtually with us! On Monday, the company will enter the fabled S&P 500 stock index. Its 30th anniversary this year is a testament to that journey.
As Coinbase navigates through this challenging incident, it continues to reinforce its commitment to customer security and transparency while pursuing opportunities for growth within the industry.
Leave a Reply