Major U.S. cryptocurrency exchange Coinbase has confirmed that fewer than 1% of its customers had their data compromised by threat actors who bribed its overseas customer service support agents for systems access, reports SiliconANGLE.
Internal systems access enabled the exfiltration of customers' names, phone numbers, home addresses, and email addresses, as well as masked bank account numbers, the last four digits of their Social Security numbers, government ID images, and certain corporate data, but not their private keys, credentials, or funds, according to Coinbase, which warned its customers of imminent social engineering attacks stemming from the breach. Moreover, Coinbase has refused to pay the $200 million ransom, which was instead placed in a bounty program for any information resulting in the arrest or conviction of its attackers. Such an incident was noted by Swimlane Lead Security Automation Architect Nick Tausek to signify the importance of strengthening insider threat detection. "As outsourcing scales and operations stretch across time zones, insider threat detection and access governance can't be afterthoughts," Tausek added.
Internal systems access enabled the exfiltration of customers' names, phone numbers, home addresses, and email addresses, as well as masked bank account numbers, the last four digits of their Social Security numbers, government ID images, and certain corporate data, but not their private keys, credentials, or funds, according to Coinbase, which warned its customers of imminent social engineering attacks stemming from the breach. Moreover, Coinbase has refused to pay the $200 million ransom, which was instead placed in a bounty program for any information resulting in the arrest or conviction of its attackers. Such an incident was noted by Swimlane Lead Security Automation Architect Nick Tausek to signify the importance of strengthening insider threat detection. "As outsourcing scales and operations stretch across time zones, insider threat detection and access governance can't be afterthoughts," Tausek added.
