According to a Reuters report on June 3, Coinbase was informed in January that an employee of the company TaskUs may have leaked customer data.
However, the exchange platform did not publicly disclose the leak until May 14, in a regulatory filing.
The incident involved an India-based TaskUs employee who allegedly photographed customer data from her work computer and shared it with hackers for financial gain.
Reuters cited five former TaskUs employees who claimed that Coinbase was notified immediately.
TaskUs faced a lawsuit in May over its handling of the breach. Two employees were identified as the main culprits, affecting nearly 70,000 customers.
TaskUs said:
“Early this year we identified two individuals who illegally accessed information from one of our clients. We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client. We immediately reported this activity to the client, terminated the individuals involved, and are coordinating with law enforcement. Out of an abundance of caution, TaskUs ceased all Coinbase operations in Indore, India, in early January 2025, impacting 226 teammates. Following the investigation, all teammates, excluding the two bad actors, were offered a generous severance package, including six months of pay. We place the highest priority on safeguarding the data of our clients and their customers and continue to strengthen our global security protocols and training programs, including by investing millions of additional dollars in physical and information security.”