Coinbase Faces Criticism Over Significant Data Breach Impacting Almost 69,461 Users

Coinbase is under intense scrutiny and regulatory attention after confirming a major data breach that compromised the personal data of nearly 70,000 users.

A report submitted to the Maine Attorney General’s Office indicated that 69,461 individuals were affected, including 217 Maine residents. The exchange noted that this breach impacted less than 1% of its active monthly users.

Recently, it was disclosed that a group of foreign customer service representatives, allegedly bribed by hackers, had leaked sensitive internal information. This data, which included names, contact information, social security numbers, and identity verification documents, was used to impersonate Coinbase employees in sophisticated scams that resulted in significant financial losses.

Following the incident, the attackers reportedly sought to extort $20 million in Bitcoin from the exchange. Coinbase declined to make the payment, and the full scope of the breach remained uncertain until the recent state-level report came out.

The CEO of Coinbase, Brian Armstrong, stated that the compromised information had not appeared on the dark web, suggesting that the attackers had little motivation to release it. He highlighted a broader concern over regulatory demands for extensive personal data collection.

Armstrong mentioned that laws like the Bank Secrecy Act (BSA) and anti-money laundering (AML) regulations are outdated and may infringe on constitutional rights.

He expressed his hope for a constitutional challenge against BSA/AML laws or for Congress to reconsider them, arguing that current laws are not aligned with today’s realities and may violate the Fourth Amendment, which protects against unreasonable searches and seizures.

Despite Armstrong’s statements, Coinbase is experiencing heightened public criticism and is reportedly under federal investigation due to its response to the breach.

The criticism has grown, especially after crypto critic Molly White pointed out a new clause in the platform’s terms of service. This update, which took effect on May 15, just a day after the breach was disclosed, limits users’ ability to file class action lawsuits and requires arbitration in New York.

Armstrong defended this update, asserting that it was in the works long before the breach was announced. He emphasized that the arbitration clause and class action waiver were not entirely new provisions.

Simultaneously, crypto security expert Taylor Monahan accused Coinbase of neglecting months of warnings about dubious activities on the platform. She claimed that internal teams dismissed credible alerts and only took action when the breach became undeniably evident.

Monahan stated, “Numerous investigators provided evidence of significant thefts and insider issues for over six months. We continued to bring this to your teams’ attention even as we were met with dismissal and criticism for our approach.”