Crypto giant Coinbase has confirmed its systems have been breached and customer data, including government-issued identity documents, were stolen.
In a legally required filing with U.S. regulators, Coinbase said a hacker this week told the company that they had obtained information about customer accounts, and demanded money from the company in exchange for not publishing the stolen data.
Coinbase said the hacker “obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities.” The support staff are no longer employed, the company said.
The filing said Coinbase’s systems detected the malicious activity “in the previous months,” and that it has “warned customers whose information was potentially accessed in order to prevent misuse of any compromised information.”
Coinbase said it will not pay the hacker’s ransom. According to a social post by CEO Brian Armstrong, the hackers demanded $20 million from the company.
The company said the hacker stole customer names, postal and email addresses, phone numbers, and the last four-digits of users’ Social Security numbers. The hacker also took masked bank account numbers and some banking identifiers, as well as customers’ government-issued identity documents, such as driver’s licenses and passports. The stolen data also includes account balance data and transaction histories.
The company said some corporate data, such as internal documentation, was also stolen during the breach.
In a blog post, Coinbase said the breach affects less than 1% of its customers. Coinbase has more than 100 million customers as of 2022, per the company’s website.
Coinbase said it expects to incur costs of around $180 million to $400 million relating to incident remediation and customer reimbursements.
A spokesperson for Coinbase did not immediately respond to TechCrunch’s request for comment.
