A New York court filing has revealed new details about a major data breach at Coinbase, one of the world’s largest cryptocurrency exchanges, which was done by an insider sitting in a customer support office in India. The filing claims that a former TaskUs employee in Indore, India, compromised data from more than 10,000 Coinbase customers by storing and selling their personal details.
The worker, identified as Ashita Mishra, is accused of storing sensitive customer details on her phone and selling them to hackers, raising serious questions over insider-linked breaches at the crypto exchange.
According to the filing, from September 2024, she started quietly stealing customer details: things like social security numbers, bank info, and ID photos. Later, she sold those photos to hackers for $200 each, which the hackers then used to act like Coinbase staff and cheat people.
Over 69,000 Coinbase customers had their personal data exposed as a result. Coinbase has said that its main systems and wallets are still safe, but with this kind of personal data out, people are now vulnerable to fraud and scams. The exchange has asked customers to stay careful and promised stronger security.
Also Read: Is Coinbase Safe in 2025? Key Facts Amid Data Breach Lawsuit
Outsourcing questioned
This case has also raised big questions about outsourcing. Companies like Coinbase hire outsourcing firms like TaskUs to handle customer queries because it’s cheaper and faster. But when external staff get access to such sensitive data, it clearly comes with risks.
TaskUs has not yet issued a detailed statement. Experts are saying this mess will probably make everyone push for stricter checks, like better audits, tougher background checks, and tighter control over who can see data at outsourcing centers in India and elsewhere.
Coinbase, which has always tried to look like the safest and most trusted crypto exchange, especially in the U.S., is now under pressure to prove it, and the breach could invite closer examination of how it oversees vendors handling customer data.
The exchange is already under scrutiny from U.S. regulators, and the breach could invite closer examination of how it oversees vendors handling customer data.
What comes next?
Mishra is facing criminal charges, though details of her detention remain limited. Regulators in both the U.S. and India are expected to follow the case closely. For customers, the fallout is still unfolding, as stolen records could circulate on the dark web for months.
For Coinbase, the immediate task is damage control. Beyond its secure blockchain, the exchange must convince users that the people and partners behind the platform can also be trusted.
Also Read: Coinbase Urges Court to Act on SEC’s Lost Gensler Texts
