Coinbase Global Says Customer Data Stolen, Held For Ransom — Update

By Colin KellaherCoinbase Global said cyber criminals have stolen customer data and are demanding $20 million in exchange for not publicly disclosing it, but the cryptocurrency exchange says it won't pay the ransom and instead is offering a $20 million reward for information leading to the arrest and conviction of those responsible for the breach.Coinbase on Thursday said it has estimated preliminary expenses of $180 million to $400 million for remediation costs and voluntary customer reimbursements relating to the incident, which involves less than 1% of its monthly transacting users.The New York company said it determined that cyber criminals had bribed and recruited a group of contractors or employees working in support roles outside the U.S. to steal Coinbase customer data in a bid to facilitate social-engineering attacks.Coinbase said that while customer funds weren't accessed, the insiders used their access to support systems to steal account data for a small subset of customers, including personal information such as names, addresses, phone numbers and email addresses; masked social-security and bank-account numbers; government‑ID images such as driver's licenses and passports; and account data such as balance snapshots and transaction histories.Coinbase said the group was working to gather a list of customers they could contact while pretending to be the company in an attempt to dupe people out of their cryptocurrency. The company said it plans to reimburse customers who were tricked into sending funds to the attackers.Coinbase said it fired the insiders who were involved in the scheme, and that it plans to press criminal charges. The company said it is opening a new support hub in the U.S. and taking other measures to harden its defenses.Coinbase said it can't yet determine the full impact of the breach, and that a further review of potential losses, indemnification claims and potential recoveries could meaningfully increase or decrease its preliminary estimate of costs related to the incident.Shares of Coinbase, which surged earlier this week on news that the cryptocurrency exchange will be joining the benchmark S&P 500 index, were recently down 3% in premarket trading.Write to Colin Kellaher at [email protected]