Coinbase Data Breach Allegedly Orchestrated by TaskUs Workers, Claims Court Documentation
In a shocking turn of events, a class action lawsuit has been filed against TaskUs, a Delaware-registered but Texas-based company owned by private equity firm Blackstone, over the May 2025 Coinbase crypto data breach. The lawsuit, filed with the US District Court for the Southern District of New York on September 16, has revealed further details about the hack.
The legal document states that Coinbase hired TaskUs to handle customer support from India, giving the company access to customers' personal data in exchange for payment. However, investigators claim that one individual TaskUs employee, Ashita Mishra, agreed to sell highly sensitive Coinbase user data to the criminals as early as September 2024.
Mishra, a former TaskUs employee who worked at the company's service center in Indore, India, from at least September 2024 until her arrest in January 2025, is accused of stealing and selling sensitive Coinbase customer crypto data obtained during her employment. She allegedly enlisted supervisors and team leaders, transforming a solo insider theft into a structured, large-scale breach conspiracy.
The attackers aimed to use the stolen data to impersonate Coinbase and trick customers into handing over their cryptocurrency holdings. The crypto data breach was revealed by Coinbase on May 15, 2025, and likely exposed the data of nearly 70,000 of its customers.
The plaintiffs, identified as five named individuals, are demanding financial compensation for losses that include stolen cryptocurrency, out-of-pocket expenses, and the lasting harm caused by the exposure of their personal data. They are pushing for a court order that would require TaskUs to implement stricter crypto security measures to prevent future breaches.
The filing claims TaskUs had inadequate cybersecurity measures and failed to enforce even its own weak protocols, prioritizing profit over protection. Furthermore, without these changes, the exposed data will continue to put customers at risk of long-term threats, including identity theft, fraud, and other forms of financial exploitation.
TaskUs has confirmed the involvement of its staff while seeking to minimize the extent of its security failures. However, the lawsuit alleges that despite being entrusted with sensitive customer crypto data, the company did not update its risk factors or make any material updates to its securities filings to alert the market to its role in the Coinbase crypto data breach.
In June 2025, Coinbase publicly acknowledged that the 'rogue overseas support agents' who committed the breach worked for TaskUs. The plaintiffs allege that TaskUs attempted to cover up the 2025 crypto data breach by firing its own HR investigators who had uncovered the full extent of the security failures just months before the breach was publicly disclosed.
The plaintiffs are demanding significant financial compensation for the losses suffered as a result of the crypto data breach. Coinbase estimates that losses as a result of stolen cryptocurrency assets from the data breach may be as high as $400m. This case serves as a stark reminder of the importance of robust crypto security measures and the potential consequences of failing to protect sensitive customer crypto data.
Read also:
- Transforming Digital Inventories in the Food Industry: A Comprehensive Guide for Food Businesses
- Munich Airport Unveils Its New Electrical Vehicle Charging Parksite
- 1. Key Points for August 14: Gathering in Alaska, Immigration Enforcement (ICE), Financial service Zelle, Infowars, and Air Canada Airline Incidents
- Automobile manufacturer IM Motors reveals an extended-range powertrain akin to installing an internal combustion engine in a Tesla Model Y.
