Latest news with #TaskUs
Time of India
04-06-2025
- Business
- Time of India
Coinbase breach: Two TaskUs India staffers accessed customer data
Bengaluru: Two India-based employees of US BPO TaskUs illegally accessed sensitive information belonging to their client, Coinbase. These staff members were allegedly part of a larger criminal operation targeting Coinbase, which also affected other service providers working with the cryptocurrency exchange. The cryptocurrency exchange utilises TaskUs to provide outsourced customer service support from personnel located in India. Coinbase stated in the US SEC filing that the incident did not involve the compromise of passwords or private keys, and at no time were any of the targeted contractors or employees able to access customer funds. While the company is still investigating, the affected data included names, addresses, phone numbers, and emails, masked social security, govt ID images, and account data. The security breach was referenced by plaintiff Nelson Estrada, who lodged a complaint in a US court against TaskUs, alleging the company's failure to protect personal identification details of himself and millions of other individuals. Coinbase disclosed in a regulatory filing that it received email communication from an unknown threat actor claiming to have obtained information about certain Coinbase customer accounts, as well as internal Coinbase documentation, including materials relating to customer service and account-management systems. The threat actor, the filing said, appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access. According to a complaint, Coinbase said the preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs and voluntary customer reimbursements relating to this incident. When TOI reached out to TaskUs, the company said, "Early this year, we identified two individuals who illegally accessed information from one of our clients. We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client. " TaskUs said it immediately reported this activity to the client, terminated the individuals involved, and is coordinating with law enforcement. "Out of an abundance of caution, TaskUs ceased all Coinbase operations in Indore in early January, impacting 226 teammates. Following the investigation, all teammates, excluding the two bad actors, were offered a generous severance package, including six months of pay." TaskUs said, "We place the highest priority on safeguarding the data of our clients and their customers and continue to strengthen our global security protocols and training programmes, including by investing millions of additional dollars in physical and information security." When TOI reached out to Coinbase, a spokesperson for the company said, "As we've already disclosed, we recently discovered that a threat actor solicited overseas agents to capture customer account information dating back to December 2024. We notified affected users and regulators, cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls. No passwords, private keys, or any other information that would allow someone to directly access customer accounts or funds were exposed, and Coinbase Prime accounts are untouched. "
Coin Geek
04-06-2025
- Business
- Coin Geek
Coinbase was hacked by snarky teens; Circle upsizes IPO
Getting your Trinity Audio player ready... Coinbase (NASDAQ: COIN) was aware of its customer data leak far earlier than the digital asset exchange previously acknowledged, while its stablecoin partner Circle is supersizing its initial public offering (IPO) plans. On June 3, Reuters reported that the recently disclosed hack of Coinbase's customer data by customer support staff in India involved the local operation of a Texas-based business process outsourcing firm called TaskUs. In January, at least one TaskUs employee was caught using their phone to photograph Coinbase customer information from a computer screen. Four sources, including three TaskUs staffers, told Reuters that Coinbase was notified immediately of the security breach, and TaskUs promptly fired two staffers involved in the incident. Coinbase responded by cutting ties with TaskUs, resulting in over 200 staff in the city of Indore losing their jobs. The mass layoff was reported in Indian media at the time. And yet, it wasn't until May 15 that Coinbase acknowledged the breach in a filing with the U.S. Securities and Exchange Commission (SEC). Coinbase said at the time that it knew the contractors had improperly accessed customer data in 'previous months' but didn't realize the extent of the breach until May 11, when it received a ransom demand from individuals to whom the data had been forwarded. Coinbase estimated that nearly 70,000 of its customers have been impacted. Coinbase CEO Brian Armstrong later claimed that the exchange began notifying impacted users on April 11 but failed to explain why the SEC wasn't notified until a month later. Crypto journalist Molly White noted that Coinbase revised its user agreement on April 12 to limit customers' ability to participate in class action suits against the exchange. TaskUs has since been hit with a class action suit by Coinbase customers alleging negligence. TaskUs said it 'believes these claims are without merit' and will defend itself in court. Coinbase's customer support is notoriously glacial in its response to complaints, a bad reputation that shows little sign of improvement. Some U.S. customers have resorted to filing complaints with the Consumer Financial Protection Bureau (CFPB) based on its requirements for companies to respond within 15 days. That could explain CEO Armstrong's (incorrect) view that the CFPB is an 'unconstitutional' body that should be 'deleted' because it has 'done enormous harm to the country.' Coinbase has been the subject of over 8,000 complaints with the CFPB, a body that the current federal administration is in the process of dismantling. Insult to injury Fortune reported that Coinbase has used TaskUs services since 2017, but the latter firm's reliance on poorly paid staff in India opens up the potential for staff to supplement their wages with bribes. A TaskUs spokesperson told Fortune that its research suggests the Indore staff who leaked the Coinbase data 'were recruited by a much broader, coordinated criminal campaign against [Coinbase] that also impacted a number of other service providers servicing [Coinbase].' Fortune reported communicating with one of the alleged hackers, who went by the name 'puffy party' on Telegram. This individual claimed to be part of a loosely affiliated group of teenagers and twenty-somethings calling itself 'the Comm' or 'Com' (short for 'community'). This group has been linked to other notable exploits, including the blackmailing of some Las Vegas casino operators in 2023. 'Puffy party' also claimed that members of the Comm/Com perform specific aspects of a heist based on their individual skillsets. One team bribed the TaskUs staff, another performed the social engineering scams, with the spoils divided amongst the teams. In a reflection of this team's juvenile status, 'puffy party' shared screenshots of messages they'd exchanged with what they claimed was a member of Coinbase's security team. The messages show the hackers mocking Armstrong, saying they would use some of the proceeds of their blackmail efforts to 'sponsor a hair transplant so that he may graciously traverse the world with a fresh set of hair.' Back to the top ↑ No KYC, no hacks, no problem Incredibly, the crypto sector's collective response to Coinbase's data hacking scandal is not that the exchange needs to beef up its digital defenses and be more upfront with its customers. Instead, calls are mounting to lift 'know your customer' (KYC) requirements on digital asset operators based on the view that hackers can't steal data that companies don't possess. As some online critics have observed, traditional banks haven't been as supportive as they might of the digital asset legislation currently kicking around Congress because banks 'think it is unfair for a non-bank to do banking without any of the laws and regulations applicable to banks. And they kind of have a point.' Back to the top ↑ Coinbase v Oregon Coinbase responded at the time by claiming that Oregon was 'trying to revive regulation by enforcement,' the catchphrase popularized by digital asset firms that reject nearly all aspects of regulatory oversight with which they disagree. On June 2, Coinbase filed a petition in federal court asking for the suit to be moved out of Oregon and under federal jurisdiction. The petition calls the suit a 'regulatory land grab' and notes that Oregon's Division of Financial Regulation generally takes point on securities transactions, not the AG, calling into question Rayfield's authority to file the suit in the first place. Coinbase VP of legal Ryan VanGrack tweeted Tuesday that the petition was filed because 'the case is fundamentally about federal law.' VanGrack claimed Rayfield's suit 'would undermine recent bipartisan progress towards crypto clarity by creating a patchwork of state regulations that harms consumers, innovation, and economic freedom.' Coinbase's chief legal officer Paul Grewal added that '[b]ecause Oregon's claims raise fundamentally federal issues like the meaning of 'investment contract,' [as defined by the Howey Test] they should be resolved by federal courts.' Back to the top ↑ Circle supersizes IPO Coinbase's share price has ridden a roller coaster so far in 2025, hitting peaks of over $300 in January and troughs of less than half that sum by mid-April. But the company's inclusion in the S&P 500 index last month and the expectation of a major payday from its stablecoin partner Circle currently have Coinbase shares hovering just under $260. USDC-issuer Circle filed its IPO paperwork in early April, and the company has been dotting its i's and crossing its t's in anticipation of that magical Nasdaq debut later this week. On May 27, Circle announced plans to offer 24 million shares of its Class A common stock at an expected range of $24-$26, with Circle offering up 9.6 million of that total and selling stockholders accounting for the other 14.4 million. On June 2, Circle upsized that offer to 32 million shares at a range of $27-$28, allegedly reflecting 'strong investor appetite' for all things crypto under President Donald Trump's second go-round. The IPO is now expected to raise nearly $900 million, while assigning Circle a valuation of up to $7.2 billion. Coinbase holds 8.4 million shares in Circle after converting its equity in the now defunct Centre consortium that originally oversaw USDC's business. Should the IPO go off at the upper end of its expected price range, Coinbase's Circle stock would be worth over $235 million, ~$25 million more than Coinbase's equity in Circle at the time of the conversion. Coinbase is unlikely to be selling much of its Circle stake in order to preserve the sweetheart revenue-sharing deal it worked out when it negotiated its exit from Centre. With both companies now required to issue financial report cards, it seems Coinbase actually makes more money off USDC activity than Circle does, while Circle shoulders most USDC expenses. Last month, reports emerged that Circle was a potential acquisition target of both Coinbase and Ripple Labs, the issuer of the XRP token (as well as its own stablecoin RLUSD). Ripple's offer was said to be in the $4-$5 billion range, which Circle rejected as too low, a view now apparently confirmed by its IPO valuation. (Ripple CEO Brad Garlinghouse recently denied that his company had pursued a Circle deal.) A distinctly contrary view of Circle's prospects was presented in the Financial Times last month. The article called into question Circle's whole business model, as '98 per cent of Circle's revenue is interest on the securities holdings which back its stablecoins … although it issues USDC and holds the offsetting assets, it's not generating revenue from trading or staking transactions involving the stablecoins in either the cryptoverse or the real world.' 'Financially, Circle is a highly levered, uninsured narrow bank with nearly all of its revenue coming from a big bucket of short-term cash investments. It makes money when rates are higher, up to a point, and makes less or loses money when rates are low. That makes Circle a market play on—or a plaything of—volatile short-term interest rates … This then brings us to the unanswerable question at the heart of Circle's business: Does anyone know where short-term interest rates will be in the future?' Back to the top ↑ Coinbase left its keys in San Francisco Coinbase must indeed be feeling flush, as it just announced a deal to lease 150,000 square-feet of new office space in San Franciso. The new space will automatically become the company's single largest geographical footprint and marks a homecoming of sorts for Coinbase, albeit one that's a little hard to fathom. In 2021, as the pandemic forced offices to temporarily close and many tech-firms switched to a remote-first staffing model, Coinbase paid $25 million to break the lease on its former San Francisco office space. At the time, the move was pitched as the company embracing a 'no headquarters' philosophy but it seems times (and philosophies) have changed. CEO Armstrong tweeted that Coinbase was 'excited to reopen an office in SF,' adding that the company 'never left California' as many of its employees live in the state and '[w]e go to where the talent is.' Addressing San Francisco Mayor Daniel Lurie, who was elected last year, Armstrong said the city was 'so badly run for many years, but your excellent work has not gone unnoticed.' Rival exchange Kraken also shut its SF headquarters in 2022 because founder/then-CEO Jesse Powell believed the city was 'not safe.' Efforts to reduce the city's crime rate got a potential boost from Ripple co-founder Chris Larsen, whose nonprofit group San Francisco Police Community Foundation has offered the SF Police Department a $9.4 million donation to improve the SFPD's Real Time Investigation Center. The gift comprises a $2.15 million retroactive lease of office space and $7.25 million worth of new toys, including nearly $5.3 million in drone surveillance gear. Larsen, a San Francisco native, previously donated millions to expand the city's security camera network, but controversies surround how some of these funds were allocated. Mayor Lurie has indicated he's in favor of allowing the police to accept the donation. We suspect Coinbase's Armstrong is, as well. After all, there's some dangerous teenagers out there who've put a target on his head. Back to the top ↑ Watch: Teranode is the digital backbone of Bitcoin title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="">
Associated Press
04-06-2025
- Business
- Associated Press
2025 Asian Inspiring Workplaces Winners Announced
The Top 10 Inspiring Workplaces include: Concentrix, RELX | Reed Elsevier, Everise, TaskUs, SurveyMonkey, and more SINGAPORE, SINGAPORE, June 4, 2025 / / -- The Top 10 Inspiring Workplaces include: Concentrix, RELX | Reed Elsevier, Everise, TaskUs, SurveyMonkey, and more World's #1 Awards Recognising PeopleFirst Organisations Winners and their rankings were announced at an online ceremony on June 4, 2025 Inspiring Workplaces Group (IW) announced today the Top 10 Inspiring Workplaces winners in Asia – recognising them as truly PeopleFirst organisations. Unlike other awards which rely on completing a survey, entrants to the Inspiring Workplaces Awards were asked to provide proof of their investment in people by completing the entry form consisting of the six key elements IW believes are fundamental to creating a PeopleFirst culture, and by extension an Inspiring Workplace. They are: Culture and Purpose Leadership Wellbeing Inclusion Employee Voice Employee Experience. The quality of submissions this year has truly elevated the standard, marking it as the strongest ever witnessed by the independent judging panel. This reflects a significant commitment from business leaders to prioritise their people and reap the well-deserved rewards. Furthermore, it demonstrates the tangible, positive change occurring in workplaces worldwide that we have seen in entries to the Awards in other regions. Each of the six key elements were also judged separately for special recognition in each discipline. The Top 10 winners from organisations of all sizes and industries were decided by an independent expert judging panel. Matt Manners, Founder, The Inspiring Workplaces Group, commented: 'As Inspiring Workplaces marks its 10th anniversary, we're proud to recognise organisations that are setting the gold standard for PeopleFirst cultures. This isn't just a feel-good approach, it's a fundamental business strategy. With AI reshaping the way we work, companies that continue to prioritise profit over people may find themselves facing short-term wins but long-term setbacks. PeopleFirst isn't optional. It's essential.' The Asian Top 10 Inspiring Workplaces in 2025, in ranking order: #1 Concentrix #2 BAT Kazakhstan #3 RELX | Reed Elsevier #4 TaskUs (Philippines) #5 TaskUs (India) #6 Devon #7 Everise #8 tkxel #9= PagerDuty #9= SurveyMonkey #10 Foundever Best-in-class special recognition Inspiring Workplaces understands that the efforts made by organisations will naturally be stronger in some areas than others. So, organisations had the opportunity to put themselves forward for special recognition in each of the six key elements of the award entry. Below is the list of organisations that sought special recognition that scored highly enough to be considered best-in-class in these specific areas of creating a PeopleFirst organisation. Listed in alphabetical order: Inspiring Culture and Purpose Concentrix Relx | Reed Elsevier Inspiring Wellbeing Foundever Inspiring Inclusion Concentrix Foundever Inspiring Employee Experience BCD Travel Foundever 2026 Inspiring Workplaces Awards open for entries soon If you would like your organisation to have the chance of being named an Inspiring Workplace in one or across all regions (Asia, Australia & New Zealand, Europe, Latin America Middle East & Africa, North America and The UK & Ireland), visit the Inspiring Workplaces Awards and find out more. The 2026 Inspiring Workplaces Awards deadline is February 19, 2026. Sponsorship There are various opportunities for organisations to partner with Inspiring Workplaces. For more information, please contact [email protected] About The Inspiring Workplaces Group Inspiring Workplaces is a global organisation on a mission to help businesses build, prove, and celebrate truly PeopleFirst cultures. Believing that the greatest force in business is people, Inspiring Workplaces champions cultures where belief, belonging and confidence in the future empower individuals to thrive. Through its core programs: The Inspiring Workplaces Awards, Certified PeopleFirst™ and the free Inspiring Workplaces Community — the organization celebrates, certifies and connects leaders committed to creating environments where people feel seen, valued, and prepared for the future of work. In a world where workplaces shape lives, Inspiring Workplaces exists to spotlight those who lead with purpose, because inspiring cultures don't just transform business, they change the world. Learn more at: For more information on Inspiring Workplaces, contact: Matt Manners +44 (0) 7799876473 [email protected] Visit our Company LinkedIn Page Matthew Manners The Inspiring Workplaces Group Limited + +44 7799 876473 email us here Visit us on social media: LinkedIn Legal Disclaimer: EIN Presswire provides this news content 'as is' without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
Business Recorder
03-06-2025
- Business
- Business Recorder
Coinbase breach linked to customer data leak in India, sources say
WASHINGTON: Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters. At least one part of the breach, publicly disclosed in a May 14 SEC filing, occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone, according to five former TaskUs employees. Three of the employees and a person familiar with the matter said Coinbase was notified immediately. The ex-employees said they were briefed on the matter by company investigators or colleagues who witnessed the incident in the Indian city of Indore, noting that the woman and a suspected accomplice were alleged to have been feeding Coinbase customer information to hackers in return for bribes. The ex-employees and person familiar with the matter said more than 200 TaskUs employees were soon fired in a mass layoff that drew Indian media attention. Coinbase had previously blamed 'support agents overseas' for the breach, which it estimated could cost up to $400 million. Although the link between TaskUs and the breach was previously alleged in a lawsuit filed last week in federal court in Manhattan, details of the incident, reported here for the first time, raise further questions over when Coinbase first learned of the incident. Bitcoin Vegas in US: Pakistan unveils first govt-led Bitcoin reserve Coinbase said in the May SEC filing that it knew contractors accessed employee data 'without business need' in 'previous months.' Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had 'cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.' Coinbase did not disclose who the other foreign agents were. TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. 'We immediately reported this activity to the client,' the statement said. 'We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.' The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January. Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment.
The Hindu
03-06-2025
- Business
- The Hindu
Coinbase breach linked to customer data leak in India
Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters. At least one part of the breach, publicly disclosed in a May 14 SEC filing, occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone, according to five former TaskUs employees. Three of the employees and a person familiar with the matter said Coinbase was notified immediately. The ex-employees said they were briefed on the matter by company investigators or colleagues who witnessed the incident in the Indian city of Indore, noting that the woman and a suspected accomplice were alleged to have been feeding Coinbase customer information to hackers in return for bribes. The ex-employees and person familiar with the matter said more than 200 TaskUs employees were soon fired in a mass layoff that drew Indian media attention. Coinbase had previously blamed "support agents overseas" for the breach, which it estimated could cost up to $400 million. Although the link between TaskUs and the breach was previously alleged in a lawsuit filed last week in federal court in Manhattan, details of the incident, reported here for the first time, raise further questions over when Coinbase first learned of the incident. Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were. TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January. Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment.
