Coinbase is under mounting legal pressure after revealing a recent breach that compromised customer information, with numerous users claiming the company mishandled both the breach and its aftermath.
Between May 15 and May 16, at least six separate lawsuits were filed against the crypto platform. The suits accuse Coinbase of failing to uphold adequate cybersecurity measures and of responding poorly after the incident came to light.
One of the lawsuits, filed in federal court in New York on May 16 by plaintiff Paul Bender, alleges that Coinbase did not do enough to safeguard the personal data of millions of its users.
Coinbase disclosed on May 15 that the breach occurred four days earlier, tied to a $20 million extortion scheme. Cybercriminals reportedly bribed some customer service employees to gain unauthorized access to internal tools and steal a limited amount of account data.
The stolen information included names, email addresses, physical addresses, phone numbers, the last four digits of Social Security numbers, banking details, ID documents such as driver’s licenses and passports, and some account-specific data like balances and transaction records.
Bender’s complaint asserts that Coinbase failed to establish and maintain “reasonable security protocols,” putting users at continued risk.
The lawsuit also slams Coinbase’s incident response, describing it as delayed, poorly coordinated, and ineffective. It claims that affected users were not notified in a timely or comprehensive manner, nor were they offered services like identity theft protection or clear guidance on how to protect themselves.
According to the suit, the consequences of the breach could be “significant and long-lasting,” with users potentially exposed to identity theft and financial fraud.
Other lawsuits filed during the same time frame made comparable allegations. Two more in New York federal court echoed the claims of negligence, while another added accusations of unjust enrichment—alleging Coinbase underinvested in cybersecurity to save money.
All of the lawsuits seek financial damages and measures to protect the sensitive data of those affected.
In California, a fifth case took things further, asking the court to compel Coinbase to delete sensitive user data and bring in independent security firms to review its systems.
Coinbase has stated it did not comply with the $20 million ransom demand. The company also plans to reimburse customers who were deceived into transferring crypto to scammers due to the breach.
A regulatory filing with the U.S. Securities and Exchange Commission estimated that reimbursements could cost the company between $180 million and $400 million.
Following the breach, Coinbase reportedly dismissed several India-based customer service representatives involved in the social engineering scheme.
After the announcement, Coinbase’s stock (COIN) fell by 7%, closing at $244. However, the stock rebounded by May 16, climbing 9% to finish at $266, according to Google Finance.
For more news, find me on Twitter Giannis Andreou and subscribe to My channels Youtube and Rumble
What is your opinion on this particular topic? Leave us your comment below! We are always interested in your opinion!
