Coinbase Faces Class Action Lawsuit Over Data Breach Disclosure Delay

Investors in
have initiated a class action lawsuit against the cryptocurrency exchange, alleging that the company mishandled a significant data breach and failed to disclose key risks in a timely manner. The lawsuit, filed in the US District Court for the Eastern District of Pennsylvania, claims that Coinbase's omissions led to substantial financial losses for investors.The lead plaintiff, investor
Nessler, asserts that Coinbase did not inform shareholders about critical risks, including a breach of a 2020 agreement by its UK subsidiary, , and a December cyberattack that exposed the personal data of tens of thousands of users. The breach involved hackers bribing customer service staff, and it was not disclosed until May 15, 2025. On the day of the announcement, Coinbase’s stock fell by 7.2% to close at $244. The company estimated the potential financial fallout from the breach, including customer reimbursements and internal remediation, could range between $180m and $400m.The lawsuit names Coinbase CEO Brian Armstrong and CFO Alesia Haas as co-defendants, accusing the company of violating federal securities laws by failing to make timely disclosures that could have warned investors of the risks. Shareholders who purchased Coinbase stock between April 14, 2021, and May 14, 2025, are included in the proposed class. The suit seeks to recover damages tied to the stock price decline following the disclosures.
This legal action is one of several that Coinbase is currently facing in connection with the breach. Between May 15 and May 16, at least six class-action lawsuits were filed against the exchange. Plaintiffs in those cases have accused the company of negligence, weak cybersecurity infrastructure, and a delayed, inadequate response to the incident.
The breach affected data from nearly 97,000 accounts, and the hacker demanded a $20m ransom. They gained access to government-issued IDs and email addresses. Coinbase refused to pay the ransom and instead offered a $20m bounty to track down the perpetrator. It later confirmed that sensitive data from at least 69,461 customers had been compromised. The company has since dismissed the employees involved and stated that it is enhancing internal controls. However, the timing of its disclosure has raised concerns, with both investors and regulators questioning the delay. As a result, fresh scrutiny is now falling on the exchange.
The lawsuit highlights the importance of timely disclosure and robust cybersecurity measures for companies handling sensitive user data. The allegations against Coinbase underscore the potential legal and financial repercussions of failing to protect user information and disclose risks promptly. As the investigation by the US Justice Department continues, the outcome of these legal actions could set a precedent for how companies are held accountable for data breaches and cybersecurity failures.

Comments
No comments yet