• Coinbase faces lawsuits after hackers accessed user data through bribed customer support agents.

  • Users claim Coinbase failed to protect personal information and delayed action after the breach.

  • Coinbase refused to pay ransom and may spend up to 400 million to cover user losses and damages.

Coinbase is now facing intense legal pressure after revealing a serious data breach. At least six lawsuits were filed between May 15 and 16. Users have accused the crypto exchange of failing to protect sensitive personal data and mishandling the breach aftermath.

https://twitter.com/InstitutionalFi/status/1924360456434585973

The lawsuits argue that Coinbase did not uphold basic cybersecurity protocols. Plaintiffs claim the company exposed users to ongoing risks by failing to secure internal systems. They also allege Coinbase delayed informing affected users and failed to offer meaningful support or protection.

Cyberattack Led to $20 Million Extortion Attempt

Coinbase recently disclosed that cybercriminals accessed internal systems after bribing several customer support agents. The breach occurred on May 11. Attackers then attempted to extort $20 million from the company.

The compromised information included names, email addresses, and phone numbers. Other details exposed were partial Social Security numbers, bank account identifiers, passports, and driver’s licenses. Some user account data, such as balance snapshots and transaction history, were also accessed.

Coinbase confirmed it refused to pay the ransom. The exchange said it is working to reimburse users affected by phishing scams linked to the breach. It also disclosed plans to spend up to $400 million in reimbursement expenses.

Allegations Include Inadequate Response and Delayed Action

One complaint filed in New York federal court claims Coinbase failed to act swiftly. It said the exchange did not promptly inform users or offer identity protection services. Plaintiffs also accused Coinbase of offering little actionable guidance following the breach.

Multiple lawsuits echoed similar allegations. One case included a claim of unjust enrichment, alleging Coinbase underinvested in cybersecurity. Plaintiffs in these cases are seeking financial damages. Some also request court orders demanding stricter data protection measures.

Lawsuits Demand Data Purge and Independent Audits

A separate lawsuit filed in California requested that Coinbase purge all sensitive data held on affected users. It also called for third-party security audits to review Coinbase’s data protection systems.

Coinbase has fired several customer service agents in India, following their alleged involvement in the incident. The company said these employees were linked to social engineering attacks used to carry out the breach.

The legal challenges have raised new concerns over data security within the crypto industry. More scrutiny is expected as the lawsuits progress through federal courts.