Coinbase’s troubles after a recent user data breach have intensified on the legal front over the weekend. At least six lawsuits have been filed against the US-based exchange following the cybersecurity incident, a report by CoinTelegraph claimed on Monday. The exchange, in these legal filings, has been accused of failing to protect user security and poor handling of the incident’s aftermath. The filings also reportedly show that Coinbase users fear being exposed to further financial threats now that their personal details are with cyber criminals.
The lawsuits against Coinbase were filed last week, between May 15 and May 16. A majority of these have been filed in New York and at least one has been submitted at a California court, the report said, citing public records.
Coinbase Lawsuit Details
As per the report, the plaintiffs have said that Coinbase failed to train its employees adequately, which led to the data breach. The lawsuits claim that the exchange, touted among the largest in the world, did not deploy tight security measures and had put its users at further risk of fraud.
Citing the US Public Access to Court Electronic Records (PACER) website, the CoinTelegraph report claimed that Coinbase users said the exchange had not been prompt and detailed in providing information on the data breach. The lawsuits also criticised the exchange’s delay in announcing «meaningful steps» to mitigate the situation in a timely manner.
One of the lawsuits also accuse Coinbase of “unjust enrichment”, claiming the exchange had not spent enough on its internal security systems.
Coinbase has not yet responded to the wave of lawsuits. The exchange did say last week that it was working with the SEC and other relevant law enforcement agencies to identify the attackers.
Neither Coinbase nor its CEO Brian Armstrong have shared new updates on the situation since May 15 when the exchange first reported the attack.
Coinbase Data Breach
Last week, Coinbase announced that malicious cyber actors had managed to obtain personal details of «less than one percent» of its users by bribing some overseas customer support agents. The cyber criminals also managed to defraud some of the users whose data had been compromised in the breach.
As per Armstrong, the attackers had reached out to the exchange claiming possession of the stolen user data and demanded a ransom of $20 million (roughly Rs. 171 crore) for not leaking the information. Armstrong said that instead of surrendering to the attackers’ demand, the exchange was setting aside a reward fund of $20 million for information that leads to the attackers. In addition, the exchange vouched to reimburse users who ended up wiring funds to the attackers unsuspectingly.
Coinbase filed an 8-K filing with the US Securities and Exchange Commission last week, claiming that these remediation expenses could range between $180 million (roughly Rs. 1,541 crore) and $400 million (roughly Rs. 3,426 crore). Coinbase has told the SEC that the communication from the attackers is credible, which could mean the breached user data remains in possession of the attackers.
Details including names, addresses, emails, masked social security numbers, bank account numbers, government IDs, and the account data of the impacted users have been compromised. Coinbase, however, has not disclosed the number of users impacted by the data breach.
