TaskUs Staff Implicated in Coinbase Data Breach, Court Docs Claim
▼ Summary
– A TaskUs employee was identified as the main conspirator in a May 2025 data breach at Coinbase, which exposed data of nearly 70,000 customers.
– The attackers bribed rogue overseas support agents to steal customer data and facilitate social engineering attacks, demanding a $20 million ransom from Coinbase.
– TaskUs confirmed staff involvement but minimized security failures, while prosecutors accused the company of attempting to cover up the breach and negligence in cybersecurity.
– Employee Ashita Mishra allegedly stole and sold sensitive customer data for $200 per record, amassing over 10,000 records and enlisting supervisors in the conspiracy.
– A class action lawsuit seeks financial compensation for losses up to $400 million and demands court-ordered stricter security measures from TaskUs.
A recent court filing has identified an employee at business process outsourcing firm TaskUs as the central figure in a major data breach targeting cryptocurrency exchange Coinbase in May 2025. The incident, which Coinbase disclosed publicly, involved cybercriminals who allegedly bribed and recruited overseas support agents to steal sensitive customer information and carry out social engineering attacks.
According to the exchange, the breach took place in December 2024 and potentially compromised the personal data of nearly 70,000 users. Attackers reportedly intended to use this information to impersonate Coinbase representatives and deceive customers into surrendering their cryptocurrency assets. The group behind the breach demanded a $20 million ransom, but Coinbase refused to pay, instead establishing a reward fund of the same amount for information leading to arrests and convictions.
A class action lawsuit filed in the U.S. District Court for the Southern District of New York on September 16 provided further details about the incident. The suit names five Coinbase customers as plaintiffs, with TaskUs and an unnamed individual listed as defendants. TaskUs, a Texas-based company owned by private equity firm Blackstone, supplies outsourced customer support staff to major tech clients, including Coinbase. The filing indicates that Coinbase contracted TaskUs to manage support operations from India, granting the firm access to users’ personal information.
In June 2025, Coinbase publicly confirmed that the “rogue overseas support agents” referenced in its earlier statement were employed by TaskUs. The crypto exchange stated it had severed ties with the implicated personnel and strengthened its security protocols. One individual, Ashita Mishra, is accused of participating in the conspiracy as early as September 2024 by agreeing to sell highly sensitive user data to criminals.
TaskUs has acknowledged staff involvement in the breach while downplaying the scope of its security shortcomings. The company stated it identified two individuals who illegally accessed client information and were part of a broader criminal campaign affecting multiple service providers. TaskUs reported the activity to the client, terminated the employees involved, and is cooperating with law enforcement.
Prosecutors allege that Mishra systematically stole and photographed sensitive customer records, up to 200 per day, beginning in September 2024. The stolen data included names, addresses, email accounts, partial banking information, account balances, and Social Security numbers. Mishra is said to have sold each record for $200, accumulating personal information from more than 10,000 customers before her arrest in January 2025. The operation reportedly expanded as Mishra enlisted supervisors and team leaders, evolving from an individual insider theft into an organized, large-scale conspiracy.
The court documents further accuse TaskUs of attempting to conceal the breach by dismissing its own HR investigators, who had uncovered the full extent of the security failures, months before the incident became public. Prosecutors claim the company acted to hide its negligence, including insufficient cybersecurity measures and a failure to enforce even its own weak protocols. The filing also notes that Blackstone and TaskUs co-founders executed a buyout to take the company private at a $1.62 billion valuation less than a week before Coinbase notified customers of the breach. TaskUs has not updated its risk factors in securities filings to reflect its role in the incident.
Coinbase now estimates that losses from stolen cryptocurrency assets could reach $400 million. Prosecutors argue that TaskUs violated legal and ethical obligations by failing to implement basic security measures, delaying breach notifications, and concealing the incident, thereby preventing victims from taking protective actions. The company’s alleged negligence enabled criminals to steal personally identifiable information (PII), exposing millions to risks of financial fraud, identity theft, and even physical harm, some users reportedly hired bodyguards due to kidnapping fears.
The plaintiffs are seeking financial compensation for stolen cryptocurrency, out-of-pocket expenses, and lasting damage from the exposure of their personal data. They are also requesting a court order mandating that TaskUs adopt stricter security measures to prevent future breaches. Without these changes, they argue, the compromised data will continue to pose long-term threats, including identity theft and financial exploitation.
(Source: Info Security)
