Getting hacked is the new normal, is getting extended from its truly technical execution and the challenges the victims are forced to face. As per the CrowdStrike threat report 2024 of last year, the enterprise ecosystem, which includes third parties etc, is at maximum risk and that turns out to be the weakest link in the chain quite a few times. Now with the Coinbase hack the literal outsourcing or third party support; mostly physical handled by associates, vendors or also operations support puts the organisation at a great risk,
On the Coinbase hack the latest news is that the Indian call centre agents are accused of leaking customer data. The valuation of the the hack is said to be worth $400 million. It was a major data breach for the company impacting over 69,000 customers, which happens to be its biggest failure to date. Shameful as it may be, the breach which could cost the company $400 million, happened after hackers bribed customer service workers in India to leak sensitive data. This is as per a report in Fortune.
The hackers targeted employees of TaskUs, a US based company providing customer service support to many tech firms. It has a large presence in India. Its agents at Indore have handled support for Coinbase since 2017. It is said the 200 Indian staff of TaskUs were laid off, just weeks after the data theft was discovered. In this particular case, as in many other cases the salaries are abysmal – often between $500 to $700 per month.“ What is the nature of risk the company takes on this count?”* “Obviously that’s the weakest point in the chain, because there is an economic reason for them to accept bribe.”
What is important, is whether the stolen information was good enough to access Coinbase’s crypto valets directly and the answer is a clear-cut no. To compensate for this handicap, cyber criminals used it to* impersonate Coinbase staff* and trick customers into giving up their crypto-assistants. These kinds of social engineering scams are now in vogue, leading to real financial losses. But Coinbase hasn’t revealed how many customers lost funds. The company says it is reimbursing affected users. There is already a lawsuit pending accusing TaskUs of negligence.
THE PRICE DIFFERENTIAL IN IT RESOURCES FINALLY WORKS AGAINST THE EMPLOYERS THEMSELVES, FROM THE CYBER SECURITY ANGLE.
Sanjay Sahay
Have a nice evening.