Report: Coinbase Learned of Data Breach in January

Core Viewpoint - Coinbase experienced a significant data breach involving an outsourcing company, which led to an extortion attempt by cybercriminals demanding $20 million [1][3][6]. Group 1: Incident Details - Coinbase was informed in January about unauthorized data access by contractors but only recognized the extent of the breach after receiving an extortion demand on May 11 [2][6]. - The breach involved a small group of insiders who copied data from customer support tools, affecting less than 1% of Coinbase's monthly transacting users [3][4]. - Cybercriminals used the stolen data to impersonate Coinbase and deceive customers into giving up their cryptocurrency [5]. Group 2: Company Response - Coinbase rejected the extortion demand, terminated the involved employees, and reported them to law enforcement [4][7]. - The company initiated new customer safeguards and established a$ 20 million reward fund for information leading to the arrest of the criminals [4]. - The estimated remediation costs for the incident range from $180 million to$ 400 million, with ongoing investigations to determine the full impact [6].