TaskUs Sued Over $400 Million Coinbase Data Breach

The law firm Greenbaum Olbrantz has filed an updated class-action lawsuit against TaskUs, alleging the involvement of its employees in a major Coinbase data breach in 2024.

According to the document, TaskUs employee Ashita Mishra from the Indian office was passing photos of client accounts to hackers, receiving $200 for each. Her phone later revealed data on more than 10,000 users.

The plaintiffs claim that Mishra did not act alone: other employees, including managers, were involved in the scheme. From September 2024 to January 2025, criminals systematically copied clients’ personal data—from social security numbers to bank details. This information was used for social engineering attacks and cryptocurrency theft.

Coinbase previously stated that the breach occurred at the end of December, but the lawsuit claims the theft began several months earlier. More than 69,000 clients were affected, with total damages estimated at approximately $400 million.

According to media reports, the scheme was orchestrated by a group of teenagers and young hackers called “the Comm.” TaskUs allegedly knew about the issue but failed to identify all participants. In January 2025, the company fired 226 employees from the Indian office and disbanded the internal investigation team. The lawsuit describes these actions as “systematic concealment.”

After the incident, Coinbase tightened control over contractors and refused to pay the criminals. The exchange offered a reward of $20 million for information leading to the arrest of the attackers. Company representatives emphasized that all affected clients received compensation, and the contract with TaskUs was terminated.

TaskUs itself stated that “data security remains a priority,” but declined to comment on the case.

Lawyers from Greenbaum Olbrantz noted that their complaint contains an “unprecedented report” on the incident’s timeline and will hold all scheme participants accountable.