A court filing has identified an employee at business process outsourcing firm TaskUs as the key conspirator in a large-scale data breach targeting the cryptocurrency exchange Coinbase in May 2025.
The breach was revealed on May 15 by Coinbase in a post stating that cybercriminals bribed and recruited a group of rogue overseas support agents to steal its customer data and facilitate social engineering attacks.
The US crypto company said that the incident occurred in December 2024 and likely exposed the data of almost 70,000 of its customers.
According to Coinbase, the attackers planned to use the stolen data to impersonate Coinbase and trick customers into handing over their cryptocurrency holdings.
The attackers asked Coinbase to pay a $20m ransom to put an end to the scam.
However, the company publicly said it refused to pay and instead launched a $20m reward fund for anyone who could provide information leading to the arrest and conviction of the criminals responsible for the attack.
Class Action Lawsuit Against TaskUs
On September 16, a class action lawsuit filed with the US District Court for the Southern District of New York revealed further information about the hack.
The court document identified five named individuals, all Coinbase customers, as the plaintiffs. TaskUs and an unnamed person have been named as the defendants.
TaskUs is a Delaware-registered but Texas-based company owned by private equity firm Blackstone. According to the court filing, TaskUs “provides thousands of outsourced, low-paid employees to perform customer service support for major technology-sector clients.”
The legal document also stated that Coinbase hired TaskUs to handle customer support from India, giving the company access to customers’ personal data in exchange for payment. TaskUs employees in India provided these services to Coinbase and its users.
The document mentioned that in June 2025 Coinbase publicly acknowledged that those “rogue overseas support agents” mentioned in its May public statement worked for TaskUs. The crypto-exchange platform provider “cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.”
One individual TaskUs employee, Ashita Mishra, is accused of “joining the conspiracy by agreeing to sell highly sensitive Coinbase user data to those criminals” as early as September 2024.
TaskUs Confirms Staff Involvement in Coinbase Breach
According to the court filing, TaskUs has confirmed the involvement of its staff while seeking to minimize the extent of its security failures.
The outsourcing company claimed that “it identified two individuals who illegally accessed information from one of our clients [who] were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.”
TaskUs said that it had reported the activity to the client, ended the contracts of the individuals involved and was coordinating with law enforcement.
Accusations Against Named TaskUs Employee
The court filing alleged that Mishra systematically stole and photographed sensitive Coinbase customer records – up to 200 per day – from September 2024 including names, addresses, emails, partial bank account details, account balances and Social Security numbers.
According to prosecutors, Mishra sold the stolen data to hackers for $200 per record, amassing a trove of over 10,000 customers’ personal information on her device before her arrest in January 2025.
Investigators claim the operation didn’t stop with Mishra, as she allegedly enlisted supervisors and team leaders, transforming a solo insider theft into a structured, large-scale breach conspiracy.
TaskUs Accused of Cover-Up
Prosecutors claimed that TaskUs allegedly attempted to cover up the 2025 data breach by firing its own HR investigators, who had uncovered the full extent of the security failures, just months before the breach was publicly disclosed.
The filing also claimed that TaskUs did this to hide its negligence, including inadequate cybersecurity measures and a failure to enforce even its own weak protocols. Despite being entrusted with sensitive customer data, TaskUs allegedly prioritized profit over protection, leaving users vulnerable to theft and fraud.
Finally, the document noted that Blackstone, along with the outsourcing company’s co-founders, executed a buy-out to take TaskUs private at a valuation of $1.62bn less than one week before Coinbase publicly disclosed the data breach to its customers.
“TaskUs has not updated its risk factors or otherwise made any material updates to its securities filings to explicitly alert the market to TaskUs’ role in the Coinbase data breach,” the filing reads.
Coinbase Customers Demand Financial Compensation
Today, Coinbase estimates that losses as a result of stolen cryptocurrency assets from the data breach may be as high as $400m.
The prosecutors argued that TaskUs breached its legal and ethical duties by failing to implement basic security safeguards, delaying breach notifications and concealing the incident, thus depriving victims of the chance to protect themselves.
They said the company’s negligence enabled criminals, including insiders, to steal personally identifiable information (PII), putting millions at risk of financial fraud, identity theft, and even physical harm, as some Coinbase users reportedly hired bodyguards fearing kidnappings tied to the breach.
As a result, the plaintiffs are demanding financial compensation for losses that include stolen cryptocurrency, out-of-pocket expenses and the lasting harm caused by the exposure of their personal data.
They are also pushing for a court order that would require TaskUs to implement stricter security measures to prevent future breaches.
The plaintiffs argued that without these changes, the exposed data will continue to put customers at risk of long-term threats, including identity theft, fraud and other forms of financial exploitation.
Infosecurity reached out to TaskUs for comment but had not received a response at the time of writing.