* Coinbase breach partly linked to TaskUs employees in India
* Sources say contractor was caught taking pictures of data on her phone
* Disclosure raises queries about when Coinbase discovered breach
By Raphael Satter
WASHINGTON, June 2 (Reuters) - Cryptocurrency exchange
Coinbase knew as far back as January about a customer data leak
at an outsourcing company connected to a larger breach estimated
to cost up to $400 million, six people familiar with the matter
told Reuters.
At least one part of the breach, publicly disclosed in a May
14 SEC filing, occurred when an India-based employee of the U.S.
outsourcing firm TaskUs was caught taking photographs of her
work computer with her personal phone, according to five former
TaskUs employees.
Three of the employees and a person familiar with the matter
said Coinbase was notified immediately.
The ex-employees said they were briefed on the matter by
company investigators or colleagues who witnessed the incident
in the Indian city of Indore, noting that the woman and a
suspected accomplice were alleged to have been feeding Coinbase
customer information to hackers in return for bribes.
The ex-employees and person familiar with the matter said
more than 200 TaskUs employees were soon fired in a mass layoff
that drew Indian media attention.
Coinbase had previously blamed "support agents overseas" for
the breach, which it estimated could cost up to $400 million.
Although the link between TaskUs and the breach was
previously alleged in a lawsuit filed last week in federal court
in Manhattan, details of the incident, reported here for the
first time, raise further questions over when Coinbase first
learned of the incident.
Coinbase said in the May SEC filing that it knew contractors
accessed employee data "without business need" in "previous
months." Only when it received an extortion demand on May 11 did
it realize that the access was part of a wider campaign, the
company said.
In a statement to Reuters on Wednesday, Coinbase said the
incident was recently discovered and that it had "cut ties with
the TaskUs personnel involved and other overseas agents, and
tightened controls."
Coinbase did not disclose who the other foreign agents were.
TaskUs said in a statement that two employees had been fired
early this year after they illegally accessed information from a
client, which it did not identify.
"We immediately reported this activity to the client," the
statement said. "We believe these two individuals were recruited
by a much broader, coordinated criminal campaign against this
client that also impacted a number of other providers servicing
this client."
The person familiar with the matter confirmed that Coinbase
was the client and that the incident took place in January.
Reuters could not determine whether any arrests have been
made. Police in Indore did not return a message seeking comment.