The crypto exchange Coinbase is facing severe costs after an internal data breach involving allegedly bribed employees came to light. The firm disclosed in a recent filing with the U.S. Securities and Exchange Commission (SEC) that the breach could cost the company between $180 million and $400 million.
According to Coinbase, the breach happened when cybercriminals bribed some of Coinbase’s offshore customer service workers. These employees gave the hackers access to sensitive user data, including names, addresses, phone numbers, emails, government IDs, and account records.
The stolen information was then used in social engineering attacks, where scammers tricked Coinbase users into giving up even more personal information. However, the company has yet to disclose when the breach occurred or how many employees were involved.
In response, the company made sure that the bribed workers were fired immediately, but the damage is done: reports suggest the attack impacted about 1% of Coinbase’s monthly active users. The company’s cost estimate covers remediation expenses, meaning the steps taken to fix the damage, as well as voluntary reimbursements to affected customers.
Coinbase also noted that this figure could rise or fall depending on future events, such as possible insurance claims or recovery of the losses.
This news comes shortly after Coinbase launched a $20 billion bounty program to help track down those responsible for the attack. The exchange is working with investigators to identify and stop the cybercriminals behind the breach.
In the official SEC filing, Coinbase explained that its cost estimate is based on present information, which may change as it investigates further. Despite the breach, Coinbase continues to rank among the largest and most trusted crypto exchanges. Nonetheless, this breach shows the dangers involved in handling massive volumes of sensitive customer data, particularly when using external support staff. For now, Coinbase is focusing on fixing the damage and rebuilding trust with its users.