On or about May 20, 2025, Coinbase, Inc. (“Coinbase”), reported a significant cybersecurity incident (the “Data Breach”) to the Washington State Attorney General’s Office. The Data Breach occurred when an unauthorized actor gained access to Coinbase’s computer systems between December 26, 2024 and May 5, 2025. Coinbase took steps including complimentary 12-month credit monitoring and identity protection services. At least 69,461 people were affected by the Data Breach.
Coinbase operates an online platform that allows its users to buy, sell, trade, and use “crypto currencies” such as Bitcoin and Ethereum. Coinbase operates in over 100 countries with over 4,200 employees and $425 billion in assets stored on its platform.
Coinbase sent data breach notification letters to those affected and offered complimentary credit monitoring services for twelve months. If you received a Data Breach notification letter from Coinbase, it confirms that your information was potentially impacted.
What information is involved in the Coinbase, Inc. Data Breach?
Compromised information may include:
Name
Driver’s License or State ID Card Number
Date of Birth
Passport Number
Your Personally Identifiable Information (PII) includes details that can be used to identify you. It plays a key role in defining your identity. Organizations are legally obligated to safeguard this data, and failure to do so can result in statutory fines and other legal consequences. If PII is stolen, it may be exploited by criminals to commit identity fraud.
A specific category of PII is Protected Health Information (PHI), which pertains to personal medical data. PHI is safeguarded under both federal and state regulations. Entities such as healthcare providers and businesses that manage PHI must ensure its security. Just like PII, compromised PHI can be misused by identity thieves, and it’s common for cybercriminals to use both types of information together.
If your data has been exposed in a breach, one of the most effective steps you can take is to enroll in credit and identity monitoring services promptly.
If you received a NOTICE OF DATA BREACH letter from Coinbase, your personal, financial, and medical information may be at risk. This type of data can be exploited by identity thieves to commit fraud and other crimes.