Earlier this month, Coinbase, America’s largest crypto exchange, revealed that it was the target of a recent cyber attack. Now, the tech firm has revealed that the attack impacted more than 69,000 of its users. Coinbase confirmed the number of affected users in the latest data breach in a filing with Maine’s attorney general on Wednesday.

Coinbase has revealed more information about the recent data breach

In data breach notifications filed with the Office of Maine’s AG, Coinbase said that cybercriminals stole customer and corporate data, which affected 69,461 individuals. The crypto firm said, “A small number of individuals, performing services for Coinbase at our overseas retail support locations, improperly accessed customer information.” Coinbase fired these individuals after discovering the data breach.

Furthermore, in the notice, Coinbase mentioned that it discovered the latest data breach on May 11, after it took place in late December last year. The company has also shared a data breach notification letter, which it is sending out to impacted customers.

Notably, the company already said that it will voluntarily reimburse customers who mistakenly sent funds to the cyber attackers as a direct result of the latest data breach, following a review to confirm the facts.

Threat actors stole valuable customer information

In the data breach, the threat actors were able to steal the names, addresses, phone numbers, and email addresses of thousands of Coinbase customers. They also stole masked security numbers, masked bank account numbers, some identifiers, ID images, account balances, transaction history, and limited internal documents. However, the hackers didn’t compromise any login credentials, 2FA codes, private keys, or user funds directly.

Notably, the cyber attackers demanded a ransom of $20 million to delete the customer data, but Coinbase refused to pay it. Instead, the company doubled down on it by offering a bounty of the same amount for any information leading to the arrest and conviction of those responsible. The data breach could cost the firm somewhere between $180 million and $200 million.

Coinbase has advised its customers to turn on withdrawal allow-listing, enable strong 2FA, hang up on imposters, and lock their account if they feel something is suspicious. The company is already working with law enforcement to find the threat actors of the data breach.