Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December.
"Last year our security team detected that a single Coinbase contractor improperly accessed customer information, impacting a very small number of users (approximately 30)," a Coinbase spokesperson told BleepingComputer.
"The individual no longer performs services for Coinbase. Impacted users we notified last year and were provided with identity theft protection services and other guidance. We have also disclosed this incident to the relevant regulators, as is standard practice."
BleepingComputer has learned that this is a newly revealed insider breach and is not related to the previously disclosed TaskUs insider breach in January 2025.
This statement comes after threat actors known as "Scattered Lapsus Hunters" (SLH) briefly posted screenshots of an internal Coinbase support interface on Telegram and then deleted the posts soon after.
The screenshots showed a support panel that gave access to customer information, including email addresses, names, date of birth, phone numbers, KYC information, cryptocurrency wallet balances, and transactions.
It is not uncommon for screenshots and stolen data to be passed around among different threat actors before being leaked or disclosed, so it is unclear whether this group was behind the insider breach or whether other threat actors carried it out.
However, the same threat actors previously claimed to have bribed an insider at CrowdStrike to share screenshots of internal applications.
BPOs under attack
Over the past few years, Business Process Outsourcing (BPO) companies have become increasingly targeted by threat actors seeking access to customer data, internal tools, or corporate networks.
... continue reading