Recent legal documents have connected an employee of TaskUs, Ashita Mishra, to the data breach that occurred in May, affecting Coinbase customers.
The attack that affected at least 69,000 users has raised additional questions about Mishra’s involvement in planning the theft of sensitive information.
TaskUs Employee Allegedly Sold Customer Data
Mishra, an employee of TaskUs, stole confidential customer information and sold the information to a group of hackers, according to the filings in the court. Since September 2024, Mishra has been accused of gathering personal data, including Social Security numbers and bank information, of Coinbase customers. Investigators discovered more than 10,000 stolen data points on her phone. She is reported to have sold each record at $200. She provided the hacker organization, the Comm., with the information. Based on the information, the group engaged in phishing attacks under the guise of Coinbase employees to con customers into transferring their crypto-assets.
TaskUs Faces Allegations of Cover-Up
TaskUs, which offered customer care services to Coinbase, has been accused of mishandling the breach. The company is reported to have also tried to minimize the size of the violation despite laying off more than 200 workers who were connected to the event.
This is because TaskUs lied to regulators and failed to disclose the details of the violation in its February 2025 filing, even though its employees are known to have been involved in the theft. The company has not responded to the new claims, but it states that it is dedicated to protecting client data and enhancing its security.
Coinbase Takes Action Against TaskUs
Coinbase has been quick to react to the breach and distance itself both from TaskUs and its terminated business with it. The exchange provided early warnings to the customers and regulators and refunded the affected accounts. Coinbase has also enforced better internal security controls. Irrespective of these measures, the exchange is receiving several lawsuits by the aggrieved customers who have blamed it for negligence in safeguarding their information. Coinbase has proceeded to consolidate such assertions and arbitrate.
The breach further raises serious concerns about TaskUs’s security practices and whether the company had sufficient security measures. Regulators are also supposed to continue probing the incident to establish whether TaskUs violated any data protection standards. In the meantime, Coinbase concentrates on securing its clients and punishing the individuals involved.

