The recent security breach at Coinbase Global has sparked an investigation by the US Justice Department. According to a report by Bloomberg, cybercriminals in India bribed employees and contractors to steal sensitive customer data, which was then used in an extortion attempt. The probe is being led by the department’s criminal division in Washington.
Coinbase disclosed the breach last Thursday, revealing that criminals had bribed customer support representatives to steal sensitive client data. The attackers demanded a $20m ransom in exchange for not releasing the stolen information. The company received an anonymous email from the hackers on May 11, which included the ransom demand.
In response to the incident, Coinbase’s chief legal officer Paul Grewal stated, “We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors.” The breach occurred when cybercriminals used a social engineering attack to manipulate insiders into providing access to customer data. A small number of overseas customer support agents were bribed to copy sensitive data from internal Coinbase systems.
Coinbase has since fired those involved and estimates that the cost of the incident could reach as much as $400m. Personal information compromised in the breach included names, contact details, masked Social Security numbers, and bank account information. However, no customer funds, passwords, or private keys were affected, nor was access to wallets. The attackers also did not gain access to hot or cold wallets, and Coinbase Prime users were not compromised.
In the months leading up to the breach, Coinbase had detected suspicious activity involving customer support agents outside the US collecting data from internal systems. The company took immediate action to address these instances and prevent further unauthorized access. While the breach did not result in direct financial theft, it raised concerns about the vulnerability of customer data and the increasing use of social engineering in cyberattacks.
Coinbase chose not to meet the ransom demand and instead focused on strengthening its security systems and notifying affected users. The investigation by the US Justice Department will shed light on the extent of the breach and the actions taken by cybercriminals to access sensitive customer data. The incident serves as a reminder of the importance of robust cybersecurity measures in protecting customer information and preventing unauthorized access to sensitive data.