As details of Coinbase’s recent data breaches arise, victims are divided into legal strategies.
In May, Coinbase revealed that personal information, including government ID images and partial Social Security numbers, was being stolen from more than 69,000 users. The lawyers representing the victim alleged in court filings that Coinbase and a third party discovered the hack in January but waited until May to alert clients and regulators.
In a regulatory filing, Coinbase claimed he learned about the data breach in May 2025, when hackers demanded payment of a $20 million ransom from the exchange. The violation itself was in December 2024, Coinbase said in its filing.
The case spurred numerous lawsuits against Coinbase. Most cases are pushed into arbitration, probably due to the terms of the user agreement of the exchange. Coinbase updated its terms in March.
After the violations were revealed, class action law firm Greenbaum Orbrandz filed a lawsuit against Taskus, a third-party service Coinbase used for customer support services. In an amended complaint filed last week, lawyers say they have identified Huck’s suspects and found a whistleblower to cooperate with.
The suspect is former Tasks employee Ashita Mishra, the complaint alleges. Mishra began stealing and selling secret customer information to hackers in September 2024. Other Tasks employees were adopted in a bribery scheme that continues through January 2025 in accordance with the complaint.
read more: Coinbase Breach Fallout: What should I do if my data is published?
Victims pursuing legal action against Coinbase and Taskus are split on how they are going.
One group wants a single, integrated complaint against Coinbase and Taskus, effectively combining litigation with the two companies. The group proposes that there are 15 law firms, including Scott Cantrowitz Arnold, to coordinate cases and lead strategies.
Greenbaum Olbrantz disagrees with the other two companies. We guarantee to Coinbase that you will file an application that forces you to arbitrate, with the name of the case as a co-defendant. Personally-run arbitration generally provides businesses with less public and more expensive ways to resolve legal disputes.
If Coinbase succeeds in this motion, the cases will be forced to individual arbitration, making the victim’s process longer and more expensive. On the other hand, if the motion is denied, Coinbase could appeal, which could cause automatic stays in all cases. It’s a loser, Greenbaum argues.
A group led by Scott Kantrowitz Arnold argued that the arbitration motion is not an issue. They have the necessary experience to navigate arbitration clauses in user agreements, the lawyer wrote in a September 11 court application.
The Greenbaum team argues that focusing on Tasus, who says that a criminal plot has happened, is the right thing to do. They plan to coordinate with those pursuing arbitration against Coinbase.
Greenbaum’s revised complaint points out that this is not the first time Taskus has been involved in a customer data breach.
In a 2022 class action lawsuit over ledger data breach, the plaintiff filed a similar complaint against Taskus, alleging that the employee had stolen customer data. The lawsuit filed against Shopify and Taskus settled in 2025 on a private amount.
The judge decides which teams and strategies are in the best interest of the class.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
