{"id":2897,"date":"2025-09-20T18:57:52","date_gmt":"2025-09-20T18:57:52","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/09\/20\/taskus-employees-behind-coinbase-breach-us-court-filing-alleges\/"},"modified":"2025-09-20T18:57:52","modified_gmt":"2025-09-20T18:57:52","slug":"taskus-employees-behind-coinbase-breach-us-court-filing-alleges","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/09\/20\/taskus-employees-behind-coinbase-breach-us-court-filing-alleges\/","title":{"rendered":"TaskUs Employees Behind Coinbase Breach, US Court Filing Alleges"},"content":{"rendered":"<div id=\"layout-c5b743f0-47b8-438d-ba2f-3e6f357e4fee\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A court filing has identified an employee at business process outsourcing firm TaskUs as the key conspirator in a large-scale data breach targeting the cryptocurrency exchange Coinbase in May 2025.<\/p>\n<p>The breach was revealed on May 15 by Coinbase in a post stating that cybercriminals bribed and recruited a group of rogue overseas support agents to steal its customer data and facilitate social engineering attacks.<\/p>\n<p>The US crypto company said that the incident occurred in December 2024 and likely exposed the data of almost 70,000 of its customers.<\/p>\n<p>According to Coinbase, the attackers planned to use the stolen data to impersonate Coinbase and trick customers into handing over their cryptocurrency holdings.<\/p>\n<p>The attackers asked Coinbase to pay a $20m ransom to put an end to the scam.<\/p>\n<p>However, the company publicly said it refused to pay and instead launched a $20m reward fund for anyone who could provide information leading to the arrest and conviction of the criminals responsible for the attack.<\/p>\n<h2><strong>Class Action Lawsuit Against TaskUs<\/strong><\/h2>\n<p>On September 16, a class action lawsuit filed with the US District Court for the Southern District of New York revealed further information about the hack.<\/p>\n<p>The court document identified five named individuals, all Coinbase customers, as the plaintiffs. \u00a0TaskUs and an unnamed person have been named as the defendants.<\/p>\n<p>TaskUs is a Delaware-registered but Texas-based company owned by private equity firm Blackstone. According to the court filing, TaskUs \u201cprovides thousands of outsourced, low-paid employees to perform customer service support for major technology-sector clients.\u201d<\/p>\n<p>The legal document also stated that Coinbase hired TaskUs to handle customer support from India, giving the company access to customers\u2019 personal data in exchange for payment. TaskUs employees in India provided these services to Coinbase and its users.<\/p>\n<p>The document mentioned that in June 2025 Coinbase publicly acknowledged that those \u201crogue overseas support agents\u201d mentioned in its May public statement worked for TaskUs. The crypto-exchange platform provider \u201ccut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.\u201d<\/p>\n<p>One individual TaskUs employee, Ashita Mishra, is accused of \u201cjoining the conspiracy by agreeing to sell highly sensitive Coinbase user data to those criminals\u201d as early as September 2024.<\/p>\n<h2><strong>TaskUs Confirms Staff Involvement in Coinbase Breach<\/strong><\/h2>\n<p>According to the court filing, TaskUs has confirmed the involvement of its staff while seeking to minimize the extent of its security failures.<\/p>\n<p>The outsourcing company claimed that \u201cit identified two individuals who illegally accessed information from one of our clients [who] were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.\u201d<\/p>\n<p>TaskUs said that it had reported the activity to the client, ended the contracts of the individuals involved and was coordinating with law enforcement.\u00a0<\/p>\n<h2><strong>Accusations Against Named TaskUs Employee<\/strong><\/h2>\n<p>The court filing alleged that Mishra systematically stole and photographed sensitive Coinbase customer records \u2013 up to 200 per day \u2013 from September 2024 including names, addresses, emails, partial bank account details, account balances and Social Security numbers.<\/p>\n<p>According to prosecutors, Mishra sold the stolen data to hackers for $200 per record, amassing a trove of over 10,000 customers\u2019 personal information on her device before her arrest in January 2025.<\/p>\n<p>Investigators claim the operation didn\u2019t stop with Mishra, as she allegedly enlisted supervisors and team leaders, transforming a solo insider theft into a structured, large-scale breach conspiracy.<\/p>\n<h2><strong>TaskUs Accused of Cover-Up<\/strong><\/h2>\n<p>Prosecutors claimed that TaskUs allegedly attempted to cover up the 2025 data breach by firing its own HR investigators, who had uncovered the full extent of the security failures, just months before the breach was publicly disclosed.<\/p>\n<p>The filing also claimed that TaskUs did this to hide its negligence, including inadequate cybersecurity measures and a failure to enforce even its own weak protocols. Despite being entrusted with sensitive customer data, TaskUs allegedly prioritized profit over protection, leaving users vulnerable to theft and fraud.<\/p>\n<p>Finally, the document noted that Blackstone, along with the outsourcing company\u2019s co-founders, executed a buy-out to take TaskUs private at a valuation of $1.62bn less than one week before Coinbase publicly disclosed the data breach to its customers.<\/p>\n<p>\u201cTaskUs has not updated its risk factors or otherwise made any material updates to its securities filings to explicitly alert the market to TaskUs\u2019 role in the Coinbase data breach,\u201d the filing reads.<\/p>\n<h2><strong>Coinbase Customers Demand Financial Compensation<\/strong><\/h2>\n<p>Today, Coinbase estimates that losses as a result of stolen cryptocurrency assets from the data breach may be as high as $400m.<\/p>\n<p>The prosecutors argued that TaskUs breached its legal and ethical duties by failing to implement basic security safeguards, delaying breach notifications and concealing the incident, thus depriving victims of the chance to protect themselves.<\/p>\n<p>They said the company\u2019s negligence enabled criminals, including insiders, to steal personally identifiable information (PII), putting millions at risk of financial fraud, identity theft, and even physical harm, as some Coinbase users reportedly hired bodyguards fearing kidnappings tied to the breach.<\/p>\n<p>As a result, the plaintiffs are demanding financial compensation for losses that include stolen cryptocurrency, out-of-pocket expenses and the lasting harm caused by the exposure of their personal data.<\/p>\n<p>They are also pushing for a court order that would require TaskUs to implement stricter security measures to prevent future breaches.<\/p>\n<p>The plaintiffs argued that without these changes, the exposed data will continue to put customers at risk of long-term threats, including identity theft, fraud and other forms of financial exploitation.<\/p>\n<p><em>Infosecurity <\/em>reached out to TaskUs for comment but had not received a response at the time of writing.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A court filing has identified an employee at business process outsourcing firm TaskUs as the key conspirator in a large-scale data breach targeting the cryptocurrency exchange Coinbase in May 2025. The breach was revealed on May 15 by Coinbase in a post stating that cybercriminals bribed and recruited a group of rogue overseas support agents<\/p>\n","protected":false},"author":2,"featured_media":2898,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2897-10960de5-340c-40b0-989d-9b8f70d50b92-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2897"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2897\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2898"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}