Coinbase Data Breach Exposes 69,461 Users, Sparks Regulatory Backlash – Crypto News Australia

Coinbase has confirmed in a regulatory filing that almost 70,000 customers have had sensitive data stolen in a huge data breach involving the bribery of its overseas customer support staff.
The filing, which was made with the US state of Maine’s Attorney General’s Office, showed that 69,461 Coinbase customers had their data leaked — 217 of which were residents of Maine. Coinbase said this amounts to about 1% of their customer base.
The filing describes the breach as “insider wrongdoing” and states that impacted individuals have been offered one year of free “credit monitoring and identity protection services from IDX.”
The leaked data included names, contact details, social security numbers and identity documents. This data was used by criminals to launch social engineering attacks against Coinbase customers, reportedly resulting in the theft of millions of dollars.
The criminals behind the breach also tried to extort Coinbase to the tune of US$20 million (AUD$31m) worth of Bitcoin, which the exchange refused to pay. 
This breach of Coinbase customer data was first revealed last week, but until now it hasn’t been clear exactly how many customers were impacted. Many customers now fear they may become the target of further crimes, such as identity theft and targeted attempts to steal their crypto assets.
Related: Binance and Kraken Thwart Social-Engineering Attacks Mirroring Coinbase Breach
In an X discussion about the harms caused by companies not protecting customer data, Coinbase CEO Brian Armstrong pushed back against know-your-customer (KYC) compliance measures on crypto exchanges. He said collecting KYC information is ineffective at stopping crime and cryptocurrency exchanges don’t want to collect it but they’re required by law to do so:
We don’t want to collect it, and our customers hate it. We are being forced to collect it against our will. And it’s not even effective at stopping crime, if you look at the data behind it.
Armstrong also suggested KYC and anti-money laundering laws, in addition to being ineffective, may also be unconstitutional.
“My hope is there is a constitutional challenge to BSA/AML laws, or congress decides to review it at some point,” he said. “We’re in a much different world than when it was enacted in 1970, and it arguably violates the fourth amendment, protecting us from unreasonable searches and seizures.”
Many jurisdictions around the world (including Australia) require that customers verify their identity with cryptocurrency exchanges before being allowed to trade. This means sharing sensitive data such as photographs, identity documents such as driver’s licenses or passports, and contact details. This data is required to support efforts to combat money laundering on these platforms.
However, holding such data puts a huge burden on companies to manage vulnerabilities related to cyber threats, human error and malicious intent. In this case, criminals bribed overseas-based Coinbase customer support staff to give up sensitive customer data obtained during the KYC process, effectively circumventing any technological security measures the exchange may have had in place.
Coinbase’s handling of this data leak has been widely criticised. Largely because the crypto exchange decided to go public with it on May 14, just one day before making changes to its user agreement that limit class action lawsuits and require all class actions be filed in New York. These changes apply to all lawsuits initiated after May 15.
The timing of the changes to its user agreement suggests Coinbase may have delayed informing the public of the data breach until they’d made it considerably harder for their customers to take legal action.
In April, Coinbase announced changes to its user agreement that added two clauses limiting class action lawsuits and requiring lawsuits to be filed in New York. The changes apply to disputes initiated after May 15.

On May 14, Coinbase disclosed a data breach. pic.twitter.com/ffMR2K4YRo
Crypto researcher Molly White said that since the data breach has become public, five class action lawsuits have been launched against Coinbase, all of them initiated after May 15 and two of them filed outside of New York.
Related: Ledger Warns of New Scam Involving Fake Letters Asking for Recovery Phrases
Armstrong defended Coinbase, saying the exchange had warned users since April 11 that the changes were incoming. He claimed that this proves “it had nothing to do with the data breach”. Armstrong also denied the changes were intended to limit class action lawsuits, but rather “just made the user terms consistent”.

Jody is a Brisbane-based freelance writer who specialises in writing about business, technology, and the future of work.
Crypto News Australia provides you with the most relevant Bitcoin, cryptocurrency & blockchain news.
Guides

Reviews
Disclaimer: By using this website, you agree to our Terms and Conditions and Privacy Policy. Crypto News Australia is a news service that adheres to its Editorial Policy. Crypto News Australia are a subsidiary of Swyftx Pty Ltd, which operates a cryptocurrency exchange in Australia and New Zealand. Our website is purely informational and provides news about cryptocurrency & blockchain. The information on Crypto News Australia should not be taken as financial advice, investment advice or a personal recommendation. Buying and trading cryptocurrencies is a high-risk activity. Please do your own due diligence before making any investment decisions. We are not accountable, directly or indirectly, for any damage or loss incurred, alleged or otherwise, in connection to the use or reliance of any content you read on this or any affiliated website.
Copyright © 2023 Crypto News Australia

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.