An amended lawsuit filed against U.S.-based outsourcing firm TaskUs claims the company concealed key information regarding the Coinbase data breach and downplayed the scale of insider involvement.
- Amended lawsuit alleges TaskUs concealed details of the Coinbase data breach.
- TaskUs employee Ashita Mishra is accused of leading the scheme that exposed data of more than 69,000 Coinbase customers.
According to Greenbaum Olbrantz, the law firm that originally brought the class action in May and filed the amended complaint on Tuesday, a TaskUs employee named Ashita Mishra is at the center of the scheme that reportedly affected more than 69,000 customers of the exchange.
Coinbase disclosed the breach in May, saying it had reimbursed impacted users, notified regulators, and cut ties with TaskUs while tightening its internal security controls.
TaskUs employees were bribed to leak Coinbase data
Mishra, along with other unnamed accomplices, allegedly stole confidential information about Coinbase customers between September and January and sold it to the hackers who used it to impersonate Coinbase employees and steal crypto from unaware victims. Coinbase, however, has previously claimed that the breach transpired in December.
“Ms. Mishra was part of a sophisticated hub-and-spoke conspiracy that funneled Coinbase customer data from TaskUs computers to criminals at the center of the conspiracy,” the lawsuit claims, citing a TaskUs employee charged with investigating the breach.
Mishra and another key accomplice reportedly operated “circles of disconnected TaskUs employees” who were not aware that others were also involved in the scheme, a structure designed to “continue exfiltrating highly sensitive PII from TaskUs even if one of the spokes in the conspiracy was caught,” the filing added.
Bad actors allegedly paid Mishra and her team $200 for every photo that contained Coinbase data, and according to an earlier complaint from Coinbase, she sometimes took as many as 200 photos a day. When TaskUs was made aware of the breach, her phone allegedly contained information about more than 10,000 Coinbase customers.
TaskUs allegedly concealed information
Other allegations in the amended lawsuit center on TaskUs, which allegedly “took steps to silence those with knowledge of the breach.”
The company had previously fired nearly 300 employees from its office in Indore, India, and the filing claims this was done because the conspiracy had “so pervasively infiltrated TaskUs’ systems that TaskUs could not identify all of the individuals involved.”
TaskUs also reportedly disbanded its human resource team and fired staff members who were tasked with investigating the breach, which the amended suit claims was “a pattern of concealment.”
“Upon information and belief, TaskUs terminated those employees to conceal the true extent of its security failures,” the suit added.
Among other irregularities was a Form 10-K filing from TaskUs in February, where it failed to disclose its involvement in the Coinbase breach, effectively signaling to regulators and investors that the company was “not aware of any material data breaches” at the time.
According to earlier findings, a group of hackers identifying themselves as “the Comm” is suspected of being the mastermind behind the incident. Even though the incident did not involve any loss of funds from the exchange, bad actors gaining access to sensitive customer information has raised concerns about identity theft and phishing risks for affected users.