Coinbase Faces Legal Reckoning: Multiple Lawsuits Filed After Data Breach

The cryptocurrency exchange Coinbase is grappling with a wave of lawsuits following the disclosure of a significant data breach. Multiple legal actions allege negligence in security protocols and inadequate handling of the aftermath.

At least six lawsuits, filed between May 15th and 16th, accuse Coinbase of failing to uphold robust security measures to safeguard user data. Plaintiffs contend the exchange’s response to the breach was insufficient and delayed.

A lawsuit filed in a New York federal court on May 16th, by plaintiff Paul Bender, highlights Coinbase’s alleged failure to protect the sensitive personal information of millions of users. The breach compromised names, addresses, phone numbers, emails, partial Social Security numbers, bank account details, driver’s licenses, passports, and account data.

Coinbase acknowledged a prior $20 million extortion attempt after hackers, reportedly bribing customer support agents, gained access to internal systems and stole user data. The exchange claims it refused to pay the ransom.

Bender’s lawsuit alleges Coinbase’s failure to implement reasonable security measures exposed users to significant and ongoing risks. The complaint criticizes the company’s response as inadequate, fragmented, and delayed, highlighting the lack of timely notification and mitigation efforts.

The lawsuit warns of substantial risks of identity theft and financial fraud for affected users, emphasizing the potentially permanent nature of the damage caused by the data exposure.

Similar Allegations Across Multiple Lawsuits

Several other lawsuits filed in New York and California federal courts echo these claims, with some adding allegations of unjust enrichment due to insufficient investment in data security measures. The lawsuits seek damages and protective measures for users’ data.

Coinbase, while declining to comment directly on the lawsuits, referred to a blog post addressing the data breach and its plans to reimburse users affected by related phishing scams. The company anticipates reimbursement expenses between $180 million and $400 million.

Following the disclosure of the breach and an ongoing SEC investigation into misstated user numbers, Coinbase’s stock initially dipped before recovering. The company also reportedly terminated several customer support agents implicated in social engineering attacks.

This unfolding situation underscores the importance of robust security practices and transparent communication in the cryptocurrency industry.