Coinbase Faces Lawsuits Over Data Breach
19 May, 2025 ● Crypto News
Coinbase is facing a wave of lawsuits following its recent disclosure of a user data breach, with plaintiffs accusing the crypto exchange of mishandling the situation and failing to secure sensitive information.
Between May 15 and May 16, at least six lawsuits were filed against Coinbase.
Each complaint alleged that the company did not enforce adequate security measures to safeguard user data and failed to manage the fallout from the breach appropriately.
One such lawsuit, filed on May 16 in a New York federal court by plaintiff Paul Bender, claimed that Coinbase did not adequately protect the personal information of millions of users during the breach.
Coinbase revealed on May 15 that it had been targeted in a $20 million extortion attempt four days earlier, in which cybercriminals bribed several customer support agents to gain access to internal systems and obtain a limited amount of account data.
The compromised information reportedly included names, addresses, phone numbers, emails, the last four digits of Social Security numbers, bank account identifiers, as well as driver’s licenses, passports, balance details, and transaction records.
Bender alleged that “Coinbase failed to implement and maintain reasonable security safeguards,” which left users vulnerable to “serious and ongoing risks.”
The complaint also stated that Coinbase’s handling of the breach was “inadequate, fragmented, and delayed.”
“Users were not promptly or fully informed of the compromise, and Coinbase did not immediately take meaningful steps to mitigate further harm, provide identity protection services, or offer actionable guidance to affected individuals,” the lawsuit claimed.
According to the filing, users could now face a “substantial, immediate, and ongoing threat of identity theft and financial fraud,” with the potential for “long-term or even permanent” consequences, as the leaked personal data can’t be retrieved or fully secured once exposed.
Two more lawsuits filed in New York federal court leveled nearly identical accusations against Coinbase, while a fourth added a charge of unjust enrichment, alleging the exchange underinvested in user data protection.
All four suits seek damages and demand that Coinbase take steps to better protect user data moving forward.
A fifth lawsuit, filed in a California federal court on May 15, echoed these allegations but also requested that Coinbase delete all sensitive user data in its possession and bring in third-party security experts to audit its systems.
A Coinbase representative declined to comment on the ongoing litigation, referring Cointelegraph to a company blog post addressing the breach.
Coinbase stated that it had declined to pay the $20 million ransom and announced plans to reimburse users who fell victim to phishing scams linked to the stolen data.
In a filing submitted to the US Securities and Exchange Commission, Coinbase estimated the reimbursement costs could range between $180 million and $400 million.
The company has also reportedly dismissed a number of customer service employees in India who were allegedly involved in the social engineering scheme.
Following the public disclosure of the breach and news of an active SEC investigation into misstated 2021 user data, Coinbase (COIN) shares dropped 7% to $244.
However, by the close of trading on May 16, the stock had recovered, climbing 9% to reach $266, according to Google Finance.
Sources:
https://cointelegraph.com/news/coinbase-wave-of-lawsuits-over-customer-data-breaches
