Low wages for Indian BPO workers linked to $400M Coinbase data breach vulnerability

Cryptocurrency exchange Coinbase experienced its largest-ever data breach, compromising sensitive information of over 69,000 customers and potentially costing the company $400 million. The breach was traced to hackers bribing low-paid Indian customer service workers at TaskUs, a Texas-based BPO firm operating in Indore, India, which has provided Coinbase support since 2017.

The hackers, believed to be part of a group called 'the Comm' or 'Community,' exploited the low wages of TaskUs employees, who earn between $500 to $700 a month—a figure considered low internationally despite being above India's average BPO salary. This wage disparity reportedly made employees vulnerable to bribery, enabling the leak of confidential customer records.

Following the breach, TaskUs laid off over 200 employees working for Coinbase at the Indore center. A class-action lawsuit filed in New York accuses TaskUs of negligence, highlighting the risks of outsourcing critical customer service functions to low-wage workers.

Experts suggest that if TaskUs had paid fairer wages, the breach might have been prevented, underscoring the link between worker compensation and cybersecurity risks. The stolen data was used by criminals to impersonate staff and trick customers into surrendering their crypto assets.

"If TaskUs had paid fair wages to customer service executives handling cryptocurrency queries, this might have been avoided," the report noted.

This incident raises broader concerns about the security vulnerabilities inherent in outsourcing and the ethical implications of low wages in sensitive sectors like cryptocurrency support.

Coinbase suffered a $400 million data breach affecting over 69,000 customers after hackers bribed low-wage Indian BPO workers at TaskUs, a Texas-based outsourcing firm. The breach exposed sensitive data, leading to a class-action lawsuit accusing TaskUs of negligence and highlighting wage-related vulnerabilities.