Crypto Reporter
Shalini Nagarajan
Crypto Reporter
Shalini Nagarajan
Share
The US Justice Department has opened an investigation into a recent security breach at Coinbase Global.
Bloomberg reported Monday that the probe focuses on how cybercriminals bribed employees and contractors in India to steal sensitive customer data, which was then used in an extortion attempt.
The investigation is being led by the department’s criminal division in Washington.
Coinbase disclosed the breach last Thursday, revealing that criminals had bribed customer support representatives to steal sensitive client data. The attackers then demanded a $20m ransom in exchange for not releasing the stolen information. The company received an anonymous email from the hackers on May 11, which included the ransom demand.
Coinbase Fires Rogue Agents and Estimates $400M in Losses After Bribery-Driven Breach
In response to the incident, Coinbase’s chief legal officer Paul Grewal stated, “We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors.”
The breach occurred when cybercriminals used a social engineering attack, manipulating insiders into providing access to customer data. According to Coinbase, a small number of overseas customer support agents were bribed to copy sensitive data from internal Coinbase systems.
The company has since fired those involved and estimated the cost of the incident could reach as much as $400m.
Coinbase Prevents Wallet and Fund Access During Data Breach
Coinbase clarified that some personal information was compromised. This included names, contact details, masked Social Security numbers and bank account information. However, no customer funds, passwords, private keys or access to wallets were affected. Additionally, the attackers did not gain access to hot or cold wallets. Coinbase Prime users were also not compromised.
In the months leading up to the breach, Coinbase had detected suspicious activity involving customer support agents outside the US collecting data from internal systems. The company took immediate action to address these instances and prevent further unauthorized access.
While the breach did not result in direct financial theft, it raised concerns about the vulnerability of customer data and the increasing use of social engineering in cyberattacks. Coinbase opted not to meet the ransom demand, instead focusing on strengthening its security systems and notifying affected users.
Credit: Source link
