The U.S. Department of Justice has initiated an investigation into a data breach at Coinbase due to misconduct by customer support contractors based in India.
Circumstances of the Data Breach
According to Bloomberg, DOJ investigators are working alongside other law enforcement agencies following Coinbase's public disclosure of the incident on May 15. The company revealed that a group of outsourced employees misused their access privileges to steal user data. Those involved were promptly terminated.
Coinbase's Response
Coinbase's Chief Legal Officer, Paul Grewal, confirmed the company's cooperation with the ongoing investigation and expressed support for the criminal prosecution of those implicated. 'We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors,' he stated.
Legal Consequences of the Breach
Although Coinbase claims that no passwords, private keys, or customer funds were compromised, the stolen data reportedly enabled a series of sophisticated social engineering attacks. Victims included high-profile individuals, such as a Sequoia Capital partner, with total losses estimated at $400 million. Additionally, affected users have launched legal actions against Coinbase, claiming the company did not adequately protect their data.
As a result of the data breach investigation and extortion threat, Coinbase faces serious legal and financial repercussions, adding instability to its shareholder value.
