Victims Divided on Legal Strategy in Wake of Coinbase Data Breach
As more details about Coinbase’s recent data breach emerge, victims are divided on the best legal strategy moving forward.
Background of the Data Breach
In May, Coinbase disclosed that personal information, including government ID images and partial social security numbers, of over 69,000 users had been compromised. Attorneys representing the victims claim that Coinbase and a third party were aware of the breach as early as January but only informed customers and regulators in May.
Coinbase, however, stated in a regulatory filing that they became aware of the breach in May 2025 when a hacker demanded a $20 million ransom payment. The actual breach occurred in December 2024 according to Coinbase.
Legal Action and Lawsuits
Following the breach, numerous lawsuits were filed against Coinbase, with most cases being pushed into arbitration due to a clause in the exchange’s user agreement that was updated in March.
A class action law firm, Greenbaum Olbrantz, filed a lawsuit against TaskUs, a third-party service used by Coinbase for customer support, alleging that a former TaskUs employee, Ashita Mishra, was involved in the data breach by stealing and selling confidential customer information to hackers. The complaint also mentioned the involvement of other TaskUs employees in the scheme.
Divided Legal Strategy
Victims pursuing legal action against Coinbase and TaskUs are currently split on how to proceed. One group advocates for a consolidated complaint against both companies, with 15 law firms collaborating on the case and coordinating the legal strategy.
On the other hand, Greenbaum Olbrantz and two other firms disagree, fearing that naming Coinbase as a co-defendant would lead to a motion for arbitration, which could prolong and escalate the legal process for the victims. They believe that focusing on TaskUs, where the criminal activity allegedly took place, is the more strategic approach.
Previous Incidents Involving TaskUs
Greenbaum’s amended complaint highlights that this is not the first time TaskUs has been implicated in a customer data breach. In a 2022 class action lawsuit related to a Ledger data breach, similar allegations were made against TaskUs, resulting in a settlement in 2025.
Decision Pending
The judge will ultimately decide which legal team and strategy will be in the best interest of the affected class, weighing the arguments presented by both sides.