Coinbase disclosed that criminals stole a small amount of customer data (involving less than 1% of monthly transaction users) by bribing overseas customer service agents for social engineering attacks. The leaked data included names, addresses, phone numbers, and some account information, but did not involve passwords, private keys, or access to funds. Coinbase refused to pay the $20 million extortion demand.