Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)

410 points gpi | 1 comments | 15 May 25 15:52 UTC | HN request time: 0.247s | source

Show context

silisili ◴[16 May 25 08:17 UTC] No.44002952[source]▶

> the Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs

Hopefully companies take this as a lesson about bottom dollar outsourcing your CS.

For those amounts, they could afford to have hired regionally local support agents, and paid them well over industry standard...

replies(4): >>44003038 #>>44003040 #>>44003138 #>>44003499 #

thephyber ◴[16 May 25 08:48 UTC] No.44003138[source]▶

>>44002952 #

But do they consider it a CS risk or a business-wide risk? Is there any role at CoinBase that isn’t susceptible to insider risk? I would argue they would treat it as a security department / business risk issue and not a CS-only issue.

Onshoring CS and paying some more for that role may result in a net change of 0 risk (eg. The same possibility of a breach over the same time interval).

Would a lower class (for that region) Alabama man have less the susceptibility to insider risk as a middle class (for that region) Philippino man?

Most likely, the company will focus on better segmentation and better adherence to least permissions for all roles.

Also, your logic is clouded by the fact that you know it happened. In all aspects of security/cybersecurity, risk is incredibly difficult to calculate because you have to accurately know how much a counterfactual would cost in order to accurately choose one option over the other.

replies(1): >>44008265 #

1. esaym ◴[16 May 25 18:07 UTC] No.44008265[source]▶

>>44003138 #

>Would a lower class (for that region) Alabama man have less the susceptibility to insider risk as a middle class (for that region) Philippino man?

The american could be facing jail time, depending on the data. The Philippino man, not so much.

↑