Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Coinbase Breach Linked To Customer Data Leak In India

Link: https://yro.slashdot.org/story/25/06/03/01352...

Coinbase reportedly knew as early as January about a customer data breach
linked to its outsourcing partner TaskUs, where an employee in India was
caught leaking customer information in exchange for bribes. "At least one
part of the breach [...] occurred when an India-based employee of the U.S.
outsourcing firm TaskUs was caught taking photographs of her work computer
with her personal phone," reports Reuters, citing five former TaskUs
employees. Though Coinbase disclosed the incident in May after receiving an
extortion demand, the newly revealed timeline raises questions about how long
the company was aware of the breach, which could cost up to $400 million.
Reuters reports: Coinbase said in the May SEC filing that it knew contractors
accessed employee data "without business need" in "previous months." Only
when it received an extortion demand on May 11 did it realize that the access
was part of a wider campaign, the company said. In a statement to Reuters on
Wednesday, Coinbase said the incident was recently discovered and that it had
"cut ties with the TaskUs personnel involved and other overseas agents, and
tightened controls." Coinbase did not disclose who the other foreign agents
were. TaskUs said in a statement that two employees had been fired early this
year after they illegally accessed information from a client, which it did
not identify. "We immediately reported this activity to the client," the
statement said. "We believe these two individuals were recruited by a much
broader, coordinated criminal campaign against this client that also impacted
a number of other providers servicing this client." The person familiar with
the matter confirmed that Coinbase was the client and that the incident took
place in January.

Read more of this story at Slashdot.

---
VRSS v2.1.180528