One of the biggest cryptocurrency exchanges in the world, Coinbase, has revealed a serious user data breach and is now under increasing legal pressure.
At least six lawsuits were filed against Coinbase between May 15 and May 16, with users accusing the business of negligently handling the incident’s aftermath and not adhering to appropriate security procedures.
Lawsuits Claim Coinbase Negligent, Lacked Transparency in Breach Response
The lawsuits allege that Coinbase was negligent in safeguarding personal user information and that its response to the breach lacked transparency and urgency.
Plaintiffs claim that the exchange did not take adequate measures to prevent unauthorized access and failed to notify affected users promptly, potentially increasing the risk of identity theft and financial loss.
One of the lawsuits, filed in a New York federal court on May 16 by plaintiff Paul Bender, argues that Coinbase failed to secure the sensitive personal data of millions of users.
The filing further alleges that Coinbase’s internal security systems were insufficient and not in line with the industry standards expected of a platform managing billions in crypto assets.
Lawsuits Highlight Rising Concerns Over Centralized Exchange Security
These legal actions reflect growing concern among users and regulators about the security of centralized exchanges.
As the crypto sector continues to mature, platforms like Coinbase are under increasing pressure to implement robust cybersecurity measures and maintain trust among their user base.
Coinbase has yet to issue a detailed public response to the lawsuits. The legal developments could have significant implications for the exchange’s reputation and may prompt broader regulatory scrutiny into data protection practices within the crypto industry.
Coinbase Targeted in $20M Extortion Scheme After Insider Breach
On May 15, Coinbase disclosed it had faced a $20 million extortion attempt following a targeted cyberattack.
Four days earlier, cybercriminals allegedly bribed several customer support agents to gain access to the exchange’s internal systems. This breach resulted in the theft of sensitive user data.
The compromised information included names, addresses, phone numbers, email addresses, partial Social Security numbers, some banking details, and government-issued IDs like driver’s licenses and passports.
Additionally, limited account-specific data—such as balance snapshots and transaction histories—was also accessed.
While Coinbase claims the breach affected a relatively small number of users, the severity of the stolen information has sparked concern and prompted multiple lawsuits alleging the exchange failed to protect its users’ personal data adequately.
More Lawsuits Claim Coinbase Lacked Adequate Security Measures
Similar accusations against Coinbase were mirrored in two further complaints filed in a federal court in New York, which accused the exchange of not putting in place sufficient security procedures to safeguard user data.
In a fourth lawsuit, Coinbase was accused of underinvesting in data protection, which led to a claim of unjust enrichment. The plaintiffs contend that the business put user safety last in favor of profits, leaving private data open to hacks.
In addition to seeking court-ordered measures to enhance data protection procedures, all four cases seek damages for impacted users.
The lawsuits further exacerbate Coinbase’s legal and reputational issues following the recent data hack, reflecting rising user dissatisfaction with the company’s handling of the breach and its aftermath.
Also Read: Coinbase CEO Plans Continued M&A Expansion, Backed By Nearly $10B Resources