←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 1 comments | 15 May 25 15:52 UTC | HN request time: 0.202s | source
Show context
rkagerer ◴[15 May 25 20:38 UTC] No.43999086[source]
Coinbase seems to be going to great lengths to try and distance themselves from the so-called "rogue overseas support agents".

If they were Coinbase employees or contractors, that means the company basically sold its own data to hackers, who then turned around and demanded a ransom.

Reimbursing duped customers makes sense, as it seems like they would have a pretty straightforward case to make in court that Coinbase's actions led to their loss.

I'm more curious if someone who feels the need to move, change banks, change their email, hire a security detail etc. could successfully sue the company to recover some or all of those costs.

replies(1): >>43999526 #
vonneumannstan ◴[15 May 25 21:32 UTC] No.43999526[source]
>If they were Coinbase employees or contractors, that means the company basically sold its own data to hackers, who then turned around and demanded a ransom.

This seems like a strange interpretation. If an employee at your company, against policy and likely illegally extracts proprietary data and gives it to hackers in exchange for money you can hardly say that "My company sold it's data".

replies(3): >>43999570 #>>43999635 #>>43999946 #
1. behringer ◴[15 May 25 21:38 UTC] No.43999570[source]
In a way you can. A company is its employees. If you want employees with integrity you might need to pay better than bottom dollar employees from the cheapest countries possible.

I once applied for a bank position, and they wanted to run a credit check. If you're in a position of handling money, the company has a responsibility to vet its employees. Do I agree with credit checks? Absolutely not, but the point is, Coinbase is partially responsible and that's why they're refunding duped customers.

How far that responsibility goes is up for debate.