Coinbase Confirms Insider Data Breach Affecting Customer Support Systems
Learn More
Coinbase, a cryptocurrency exchange in the United States, reports a data breach caused by an indivudal contractor. The contractor used their access to internal tools to look at customer profiles without permission.
Scattered Lapsus Hunters group posted screenshots of internal systems, apparently claiming they got the data accessed by the contractor. It is not clear if the contractor was bribed or acted alone, but past attacks have used bribed agents to steal data. The screenshots shared online showed a support panel with access to sensitive user details.
The compromised data includes:
- Full names and email addresses
- Dates of birth and phone numbers
- Know Your Customer (KYC) information
- Cryptocurrency wallet balances and transaction histories
The number of affected individuals is approximately 30.
Coinbase fired the contractor, notified the affected users and provided them with 12 months of free identity theft protection. They also reported the incident to regulators.
