Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

The article keeps saying overseas employees or contractors, but isn't more specific on who Coinbase entrusted with this sensitive customer PII.

The bottom line is Coinbase didn't adequately secure sensitive customer information, and it was leaked.

Not, "Gosh, 'overseas' people, what can ya do?"

Bribes are one thing, but threats could also happen. This is a big part of the reason why I absolutely hate entities that think residential addresses should be public record.

This is a precedent to Coinbase employees getting physical threats at their door just because e.g. some voter registration, utility company, bank, credit card, or court record decided to release their name and addresses on the internet. People could show up at some Coinbase software engineers' apartment doors with guns demanding they send BTC to arbitrary addresses.

AFAICT it's impractical to keep residential addresses 100% private/secure - too many ways to get an address from any number of companies, organizations and governments that collect it for various reasons.

Plus numerous ways to infer your address from other data sources, including apps that grab GPS on friends' cellphones when they visit, etc.

Finally, shutting down paid data brokers seems virtually impossible in practice, which means anybody googling you can pay $20 and get everything.

Remember, the issue isn't lazy goodguys but even slightly motivated badguys, who then use third party scripts to do the data collection.