<\/p>\n
An amended lawsuit filed against U.S.-based outsourcing firm TaskUs claims the company concealed key information regarding the Coinbase data breach and downplayed the scale of insider involvement.<\/p>\n
<\/p>\n
According to Greenbaum Olbrantz, the law firm that originally brought the class action in May and filed the amended complaint<\/a> on Tuesday, a TaskUs employee named Ashita Mishra is at the center of the scheme that reportedly affected more than 69,000 customers of the exchange.<\/p>\n Coinbase disclosed the breach in May, saying it had reimbursed impacted users, notified regulators, and cut ties with TaskUs while tightening its internal security controls.\u00a0<\/p>\n Mishra, along with other unnamed accomplices, allegedly stole confidential information about Coinbase customers between September and January and sold it to the hackers who used it to impersonate Coinbase employees and steal crypto from unaware victims. Coinbase, however, has previously claimed<\/a> that the breach transpired in December.<\/p>\n \u201cMs. Mishra was part of a sophisticated hub-and-spoke conspiracy that funneled Coinbase customer data from TaskUs computers to criminals at the center of the conspiracy,\u201d the lawsuit claims, citing a TaskUs employee charged with investigating the breach.<\/p>\n <\/p>\n Mishra and another key accomplice reportedly operated \u201ccircles of disconnected TaskUs employees\u201d who were not aware that others were also involved in the scheme, a structure designed to \u201ccontinue exfiltrating highly sensitive PII from TaskUs even if one of the spokes in the conspiracy was caught,\u201d the filing added.<\/p>\n Bad actors allegedly paid Mishra and her team $200 for every photo that contained Coinbase data, and according to an earlier complaint from Coinbase, she sometimes took as many as 200 photos a day. At the time when TaskUS was made aware of the breach, her phone allegedly contained information about more than 10,000 Coinbase customers.\u00a0<\/p>\n Other allegations in the amended lawsuit center around TaskUS, which allegedly \u201ctook steps to silence those with knowledge of the breach.\u201d<\/p>\n The company had previously fired nearly 300 employees from its office in Indore, India, and the filing claims this was done because the conspiracy had \u201cso pervasively infiltrated TaskUs\u2019 systems that TaskUs could not identify all of the individuals involved.\u201d<\/p>\n TaskUS also reportedly disbanded its human resource team and fired staff members who were tasked with investigating the breach, which the amended suit claims was a \u201ca pattern of concealment.\u201d<\/p>\n \u201cUpon information and belief, TaskUs terminated those employees to conceal the true<\/p>\n extent of its security failures,\u201d the suit added.<\/p>\n Among other irregularities was a Form 10-K filing from TaskUs in February, where it failed to disclose its involvement in the Coinbase breach, effectively signaling to regulators and investors that the company was \u201cnot aware of any material data breaches\u201d at the time.<\/p>\nTaskUS employees were bribed to leak Coinbase data<\/h1>\n
TaskUS allegedly concealed information<\/h2>\n