Business Sandesh Indian Newspaper | Articles | Opinion Pieces | Research Studies | Findings & News | Sandesh News
A major breakthrough in the Coinbase data breach investigation has named Ashita Mishra, a TaskUs employee in India, as a key suspect in a $400 million cyberattack affecting 69,000 customers. Court filings in New York’s Southern District on September 16, 2025, allege Mishra and an accomplice accepted over $500,000 in bribes, at $200 per photo, to leak sensitive customer data, including Social Security numbers and bank details, starting in September 2024. The breach, uncovered in January 2025, involved photographing internal systems in TaskUs’s Indore facility.
Coinbase, notified in January but disclosing the breach publicly in May via an SEC filing, faced a $20 million ransom demand, which it rejected, offering a matching reward for the culprits’ arrest. The breach enabled social engineering scams, with hackers posing as Coinbase staff to defraud users. The company has since terminated its TaskUs contract, severed ties with implicated agents, and enhanced security protocols, reimbursing affected customers.
TaskUs confirmed firing two employees and halting Coinbase operations in Indore, impacting 226 workers, while emphasizing the breach was part of a broader criminal campaign targeting multiple Coinbase vendors. A class-action lawsuit filed by Nelson Estrada accuses TaskUs of negligence, alleging systemic failures in data protection. The case has intensified scrutiny on third-party outsourcing in crypto, with analysts warning of regulatory and reputational risks.
Coinbase’s stock dipped 7% post-disclosure but later stabilized, bolstered by its S&P 500 inclusion. The incident underscores the vulnerability of insider threats in the crypto sector, pushing firms to strengthen internal controls. As investigations continue, the industry braces for stricter compliance measures to safeguard user data.
