Court documents filed in New York have identified a suspect in a significant data breach that compromised the information of thousands of Coinbase customers. The amended class-action lawsuit, lodged in the Southern District of New York, accuses employees from the outsourcing firm TaskUs of accepting bribes exceeding $500,000 to leak sensitive data.
Details reveal that the breach originated in India, where criminal operatives infiltrated Coinbase’s customer support operations. The plaintiffs allege that TaskUs exhibited systemic failures and lack of transparency, with insider threats enabling the leak from late 2024 until the breach was ultimately uncovered in January 2025.
A primary suspect, Ashita Mishra, an employee at the outsourced customer service branch of Coinbase, reportedly began stealing sensitive customer information, including Social Security numbers and bank account details, as early as September 2024. The allegations suggest that TaskUs employees received $200 per photo for capturing images of customer data displayed on their computer screens. It’s estimated that through this bribery scheme, at least $500,000 was generated—equivalent to the annual salaries of over 100 employees in India.
The court documents describe a “hub-and-spoke” conspiracy in which Mishra, along with an accomplice, directed smaller groups of TaskUs employees to gather and disseminate Coinbase user records. This structure allowed the operation to remain undetected even when certain individuals were exposed, as many participants didn’t know the extent of others’ involvement.
Amid these allegations, it is reported that TaskUs terminated around 300 employees in January upon uncovering the breach’s extent. However, plaintiffs contend the company sought to suppress information from insiders raising alarm about the data leak, even dismissing human resources personnel who initiated their own investigations into the matter.
Previous reports indicated that TaskUs employees had used personal devices to capture screenshots of customer accounts, revealing sensitive details such as names, addresses, and transaction histories. The plaintiffs’ new complaint argues that this operation constituted a “far broader and coordinated criminal campaign” than TaskUs acknowledged publicly.
Furthermore, the documents imply that there was a delay in disclosures related to the breach. While Coinbase allegedly became aware of the leak in January, it remained silent until May, by which time it is believed that criminals had successfully stolen between $180 million and $400 million in customer assets.
In response to the breach, Coinbase has stated that it acted promptly to notify regulators and affected users as soon as it learned of the incident. The company reportedly terminated the TaskUs employees involved, severed ties with other overseas agents, and implemented stricter controls. However, Coinbase has not disclosed the names of any other implicated foreign agents.
This incident underscores the inherent risks of outsourcing crucial customer service functions within the cryptocurrency sector—an arena where companies frequently handle sensitive personal data alongside substantial financial assets. Experts suggest that if these allegations are substantiated, they could significantly alter how cryptocurrency exchanges manage offshore operations, potentially casting a long shadow over TaskUs’s reputation as a reliable business process outsourcing provider.
