Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

There should be an ISO standard with respect to how much power and information that front line customer support agents have. The more information you need, like changing passwords or accessing personal information, should get forwarded to higher level customer support agents with better training and more monitoring. This way you can design customer support experience with as little exposure to security issues as possible.

They main defense against internal attacks is bookkeeping. Banks have been dealing with this for thousands of years. I recommend the corresponding chapter in Security Engineering by Ross Anderson: https://www.cl.cam.ac.uk/archive/rja14/Papers/SEv3-ch12.pdf

> better training and more monitoring.

That’s very load-bearing. It won’t help.

The CS reps are based in a LCOL country so the opportunity for theft is simply incredibly lucrative.

What is really needed, is customer-in-the-loop for access to their data. The problem is, not all accesses would make sense. Doing analytics over the data of the top 1% of customers, for example, requires some level of access, but would freak out those customers if they had to approve it.

If it would freak out the customers, maybe they shouldn’t be doing it.

Compartmentalization is a very expensive customer support model.

So are $20M ransoms and the reputational damage from data breaches.

That’s a nice thought, but naive.

What about, for example, a higher-tier support person performing QA over someone else’s work? What about DFIR teams doing research on potential abuse? Etc etc.

Bookkeeping will alert you to employees stealing your money. It won't alert you to employees selling information.

Access logs do help with this. They have been successfully used by the police to identify rogue officers abusing their access to police databases.