Coinbase hit with wave of lawsuits over customer data breaches

Coinbase has been hit with a flood of lawsuits after it recently disclosed its user data was breached, with users accusing the crypto exchange of mishandling the incident.

At least six lawsuits were filed against Coinbase between May 15 and May 16, which all made various claims that the exchange failed to keep stringent security protocols to protect user data and handled the data breach aftermath poorly.

In one of the lawsuits, filed in a New York federal court on May 16, plaintiff Paul Bender argued that Coinbase failed to protect the sensitive personal information of millions of users during the data breach. 

Coinbase reported on May 15 that four days earlier it had been hit with a $20 million extortion attempt after cybercriminals bribed several of its customer support agents to access internal systems and steal a limited amount of user account data.

The stolen data included names, addresses, phone numbers, emails, the last four digits of Social Security numbers, some bank account identifiers, driver’s licenses, passports and some account data, such as balance snapshots and transaction history.

Bender claimed that “Coinbase failed to implement and maintain reasonable security safeguards,” which exposed users to “serious and ongoing risks.”

The suit also claimed Coinbase’s response to the incident was “inadequate, fragmented, and delayed.”

“Users were not promptly or fully informed of the compromise, and Coinbase did not immediately take meaningful steps to mitigate further harm,  provide identity protection services, or offer actionable guidance to affected individuals,” the complaint claimed.

The lawsuit claimed users could face “substantial, immediate, and ongoing threat of identity theft and financial fraud” and that the consequences of the breach could be long-term or “potentially permanent” because the compromised information can’t be recovered or made secure once exposed.

Two other lawsuits filed in a New York federal court made similar claims against Coinbase, while a fourth lawsuit added the allegation of unjust enrichment, arguing that Coinbase didn’t spend enough on data security measures.

All four complaints ask for damages and other measures to help protect the plaintiff’s sensitive data.

Meanwhile, a fifth lawsuit filed in a California federal court on May 15 made similar claims against Coinbase, but asked the court to order Coinbase to purge all sensitive data it holds about the plaintiffs and hire third-party security auditors to test its security systems, among other requests.

A Coinbase spokesperson did not comment on the lawsuits and instead pointed Cointelegraph to a blog post it shared regarding the data breaches.

Coinbase said it refused to pay the $20 million ransom and has flagged plans to reimburse users tricked into sending crypto to phishing scammers due to the data breach.

In a filing with the US Securities and Exchange Commission, the exchange said it expects reimbursement expenses ranging from $180 million to $400 million.

Related: Retired artist loses $2M in crypto to Coinbase impersonator

The exchange also reportedly fired a group of customer support agents based in India following their alleged involvement in social engineering attacks on users.

Coinbase (COIN) shares dipped 7% and dropped to $244 after it disclosed the data breach along with an ongoing SEC probe over misstated user numbers in 2021.

The stock has since staged a comeback, spiking 9% and hitting $266 by the closing bell on May 16, according to Google Finance. 

Magazine: Arthur Hayes $1M Bitcoin tip, altcoins’ powerful rally’ looms: Hodler’s Digest, May 11 – 17