A separate suit filed by Maine resident Zaal Panthaki and Texas resident Alexander Crous similarly criticizes Coinbase for failing to adequately train and monitor third-party overseas support staff. They allege that the breach revealed systemic security failures.
Here are six lawsuits already filed of anticipated to be filed in response to the breach:
- Paul Bender (New York): Accuses Coinbase of failing to implement basic cybersecurity protocols.
- Zaal Panthaki and Alexander Crous (New York): Blame undertrained offshore support teams and poor vendor monitoring.
- Rosemary Ortiz (California): Claims Coinbase stored unnecessary sensitive user data, worsening the breach’s impact.
- Unnamed plaintiffs (Multiple jurisdictions): Say Coinbase delayed response and did not help users mitigate damage.
- Proposed class action (National): Seeks accountability for lifelong risk of identity theft due to leaked PII.
- Future financial fraud monitoring case (Expected): Anticipates harm as attackers exploit exposed data for phishing scams.
What Data Was Leaked?
While Coinbase stated that private keys and passwords were not accessed, the attackers obtained:
- Full names and addresses
- Email addresses and phone numbers
- Social Security numbers
- Masked account details
- Transaction histories
Such personally identifiable information (PII) is extremely valuable to cybercriminals, as it can be used for phishing, impersonation, and fraud.
