Catenaa, Saturday, May 24, 2025- Coinbase is under legal fire following a major data breach that exposed sensitive user information after cybercriminals bribed overseas support agents.
Between May 15 and 16, six class-action lawsuits were filed accusing Coinbase of negligence, weak cybersecurity, and a slow, inadequate response.
The earliest suit, filed by Paul Bender in the US District Court for the Southern District of New York, alleges Coinbase failed to implement basic security measures, leaving users vulnerable to identity theft and financial fraud.
The complaint also criticizes the company’s delayed notification and failure to offer identity protection.
In another suit, plaintiffs Zaal Panthaki and Alexander Crous claim Coinbase neglected data security investments and poorly managed third-party overseas vendors.
Hackers accessed emails, phone numbers, masked account and Social Security numbers, plus transaction histories.
California resident Rosemary Ortiz filed a separate lawsuit arguing Coinbase worsened the breach by retaining unnecessary sensitive data instead of deleting it securely.
Though no direct financial losses have been reported, plaintiffs warn of lifelong risks from identity theft and costly monitoring efforts.
Coinbase disclosed the breach started with a $20 million ransom demand, which it refused to pay. The company is cooperating with law enforcement and has allocated up to $400 million for remediation. It has also fired implicated Indian support staff and enhanced security systems.
Despite the lawsuits, Coinbase has not publicly addressed the legal claims.
