- Court filing links TaskUs employee to Coinbase hack impacting over 69,000 customers.
- Hackers from “the Comm” used stolen data to impersonate Coinbase staff and steal funds.
- TaskUs accused of concealing breach, firing 226 staff and its HR team during the probe.
On Sept. 16, 2025, a court filing in a class-action lawsuit revealed that Ashita Mishra, a TaskUs employee in Indore, India, is implicated in one of the largest breaches in Coinbase history. The complaint alleges Mishra gained access to private customer data beginning in September 2024, selling it to hackers who then impersonated Coinbase staff to steal funds.
TaskUs, a Texas-based outsourcing firm, supplies customer support services for major technology companies and operates service centers in India.
Related: Coinbase Data Breach: Brian Armstrong Offers $20 Million Bounty for Intel on Attackers
What the Filing Alleges
According to the amended complaint by Greenbaum Olbrantz, Mishra accessed sensitive customer data including Social Security numbers and bank account information. The filing claims she accepted roughly $200 per photograph of customer data and at times captured data on up to 200 accounts per day.
In total, Coinbase disclosed that more than 69,000 customers were affected. The company estimated the financial impact of the breach could reach $400 million.
Role of “The Comm” and Concealment Claims
Hackers tied to the group known as “the Comm,” a loose network of young cybercriminals, are suspected of orchestrating the larger scheme. TaskUs has also claimed that Coinbase employees may have played a role, though no additional details were provided.
Coinbase stated it refunded affected customers, reported the breach to regulators, strengthened vendor controls, and cut ties with TaskUs. The company also offered a $20 million reward for information leading to arrests. Moreover, TaskUs previously said it has strengthened its security protocols but did not respond to the latest allegations.
The filing further claims that TaskUs attempted to conceal the extent of the breach by dismissing 226 employees at its Indore center in January 2025, citing the widespread infiltration of its systems. In February, the company rejected its internal human resources team assigned to investigate, which the lawsuit described as part of a “pattern of concealment.”
Related: Coinbase Hacker Launders $45 Million In Stolen ETH, Openly Mocks Sleuth ZachXBT
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
