Coinbase Data Breach Exposes 1% of Users, Costs $180M-$400M

Coinbase, a prominent cryptocurrency exchange, disclosed on Thursday that a breach had exposed the personal identifiable information of less than 1% of its monthly users. The compromised data includes names, addresses, phone numbers, the last four digits of Social Security numbers, government ID data, and other sensitive information. The breach occurred when overseas support agents provided private customer data, including government IDs and customer addresses, to scammers. These scammers are believed to be using the stolen data to target CoinbaseCOIN-- customers through social engineering scams.

Coinbase has chosen not to pay the $20 million bitcoin ransom demanded by the attackers. CEO Brian Armstrong stated that the company is taking measures to prevent similar incidents in the future and is compensating those affected by the breach. The estimated cost of this data breach to Coinbase ranges from $180 million to $400 million.

Crypto and IP attorney Ariel Givner highlighted the widespread concern among clients who received notifications about the exposure of their information in the Coinbase breach. The primary concerns for those affected include identity theft, fraud in their name, and targeted financial scams directed at them or their immediate family.

For individuals notified by Coinbase about the data breach, several protective measures can be taken. Personal information removal services, such as DeleteMe, can help remove information from the internet. Additionally, blurring out one's home from Google Maps' street view and freezing credit to prevent unauthorized lines of credit can be effective. Placing a fraud alert with major credit bureaus, as suggested by Microsoft, is also advisable.

Further precautions include warning immediate family members and close friends about potential social engineering scams and establishing a secret word or phrase to verify identity. The Texas Attorney General’s office recommends avoiding debit cards for online purchases and using a single credit card for online transactions to better protect one's online identity. California’s Attorney General advises using antivirus software, being cautious of unrequested phone calls, and avoiding phishing emails. Opting out of pre-approved credit card offers and regularly reviewing monthly statements and annual credit reports are also recommended.

In the context of cryptocurrency, it is crucial never to share seed phrases, recovery phrases, or wallet passwords with anyone, including those claiming to be customer support. Storing recovery phrases on pen and paper in a secure location is advised. Using an encrypted password manager app, enabling two-factor authentication via an authenticator app, and ensuring strong, unique passwords for every account are additional security measures.

Coinbase is advising users to be vigilant for imposters, turn on withdrawal allow-listing, lock their accounts if anything feels amiss, and review tips on avoiding social engineering scams. Data breaches are unfortunately common, with numerous companies and entities experiencing such incidents last year. These breaches often result in class-action lawsuits or government-issued fines, with the average cost of a data breach being significant.

Many data breaches are preventable and can be mitigated through improved access and data storage practices. Human errors contribute to a significant portion of data breaches, underscoring the importance of robust security measures and vigilance.