What the Coinbase Breach Says About Insider Risk - Dark Reading
VULNERABILITIES & THREATS
COMMENTARY
The lesson from the breach is not just about what went wrong — but what could have gone right.
Verrion Wright, Privacy and Security Researcher, BigID
July 31, 2025
When your digital vault is compromised, the fallout isn't just financial — it cuts to the foundation of trust. That is the reality that Coinbase, one of the world's largest cryptocurrency exchanges, is facing in the wake of a data breach that reportedly led to losses of up to $400 million and exposed almost 70,000 customers' personal information. This breach also sparked serious questions about how well companies are managing data governance, internal security controls, and insider risk.
Unfortunately, these kinds of cybersecurity failures are no longer rare.
Across industries, more and more companies are finding themselves in the same position: scrambling to rebuild trust after a preventable incident. But what sets the Coinbase breach apart is how it was executed and what it signals about the broader need for a proactive and comprehensive approach to data security.
A Breakdown in Controls
According to court filings and public disclosures, attackers exploited internal vulnerabilities by bribing "a small number of individuals performing services for Coinbase." This allowed cybercriminals to gain unauthorized access to internal systems and ultimately steal account data belonging to customers, with leaked data including their names, addresses, phone numbers, email addresses, the last four digits of Social Security numbers, banking details, government-issued IDs, and account snapshots.
Coinbase now faces regulatory scrutiny and multiple lawsuits for allegedly failing to secure personal data and for its response to the breach, with many reports estimating that this breach could cost Coinbase anywhere from $180 million to $400 million.
The Rise of Insider Risk
Insider threats aren't new, but they've taken on a different shape. And they're harder to spot than ever. It's no longer just a rogue employee going off-script. Now you've got outside attackers who know how to game the system, using social engineering to manipulate insiders and get access to the data they want.
The problem is that most security tools are still focused on the perimeter. They're great at blocking known threats from the outside but often miss what's happening inside. If a company doesn't have a clear handle on who's accessing sensitive information, where that data lives, or how it's being moved around, it's easy to miss the warning signs.
That's what makes the Coinbase breach such a wake-up call. It shows how important it is to have strong controls around access, especially for employees with elevated permissions. But locking down access isn't the whole story. What really matters is taking a data-first approach, knowing what sensitive data you have, where it's stored, how it's classified, and who's interacting with it at any given time.
A Data-Centric Approach to Security
Effective risk mitigation starts with data. Organizations need the ability to automatically discover and classify sensitive data across cloud, on-premises, and hybrid environments. If you don't know what data you have or where it lives, it's nearly impossible to put the right policies and protections in place. Once sensitive data is identified, the next step is understanding the context around it: who has access to it, where it is stored, and whether it's violating any policy. Without real-time insights, those questions are tough to answer and even harder to act on.
Furthermore, organizations should invest in tools that monitor and respond to anomalies in access or usage patterns. For example, if a customer service agent suddenly downloads large volumes of sensitive information, that behavior should trigger alerts and immediate policy enforcement.
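A sketch of the volume check described above, added here as an illustration and not taken from the article or any vendor product: it compares each agent's daily count of sensitive records against that agent's own prior median. The event fields, classification labels, and thresholds are assumptions, and the log lines are constructed sample data; it covers the alerting half only, not policy enforcement.

```python
from collections import defaultdict
from statistics import median

# Assumed classification labels produced by a data-discovery step.
SENSITIVE = {"gov_id", "bank_details", "ssn_last4"}

# Constructed sample events: (day, agent, data_class, records_returned)
EVENTS = [
    ("2025-01-06", "agent_a", "gov_id", 12),
    ("2025-01-07", "agent_a", "bank_details", 9),
    ("2025-01-07", "agent_a", "ssn_last4", 6),
    ("2025-01-08", "agent_a", "gov_id", 10),
    ("2025-01-08", "agent_a", "marketing_pref", 2000),  # not sensitive, ignored
    ("2025-01-09", "agent_a", "gov_id", 500),
    ("2025-01-09", "agent_a", "bank_details", 400),
    ("2025-01-09", "agent_b", "gov_id", 20),            # new agent, normal volume
    ("2025-01-09", "agent_c", "bank_details", 400),     # new agent, bulk pull
]

def daily_sensitive_volume(events):
    """Sum sensitive records per agent per day; other classes are skipped."""
    volume = defaultdict(lambda: defaultdict(int))
    for day, agent, data_class, count in events:
        if data_class in SENSITIVE:
            volume[agent][day] += count
    return volume

def find_spikes(events, ratio=5.0, floor=50, min_history=3):
    """Return (agent, day, volume, threshold) for days above the agent's baseline.

    The baseline is the median of the agent's earlier days, so a single past
    spike does not raise it. Agents with fewer than min_history earlier days
    have no reliable baseline and are judged against the absolute floor.
    """
    alerts = []
    for agent, per_day in daily_sensitive_volume(events).items():
        days = sorted(per_day)  # ISO dates sort chronologically
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) >= min_history:
                threshold = max(floor, ratio * median(history))
            else:
                threshold = floor
            if per_day[day] > threshold:
                alerts.append((agent, day, per_day[day], threshold))
    return alerts
```

In practice the alert would feed whatever enforcement the access layer supports, such as suspending the session or requiring a second approver.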
Organizations need to ensure that their data governance strategy aligns with regulatory compliance. Modern privacy regulations such as Europe's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and others require organizations to demonstrate how they manage data rights, ensure proper consent, and respond to data subject requests. When these processes are automated and mapped to real-time data classification, it becomes significantly easier to stay compliant and respond to incidents.
Beyond Detection: Building Resilience
The lesson from the Coinbase breach is not just about what went wrong, but what could have gone right with better preparation. Organizations that go beyond reactive security and build a comprehensive framework for governance, risk, and compliance are the ones that will take the lead in building customers' trust and will be better off long-term.
This includes creating policies that define how data should be handled based on sensitivity, purpose, and regulatory requirements. It means enabling proactive remediation workflows that act automatically when sensitive data is found in the wrong place or exposed to the wrong people. And it means having the right processes in place to report incidents quickly and transparently.
Investing in employee training and security awareness is also key. Social engineering tactics like bribery, phishing, and impersonation remain some of the most effective ways to breach defenses. A well-informed workforce is a critical line of defense.
The Way Forward
The Coinbase breach serves as a powerful reminder that cybersecurity is a business risk that touches every part of an organization, from legal and compliance to customer service and executive leadership.
As more companies handle growing volumes of sensitive information, insider risk must be addressed with the same rigor as external threats.
The edge goes to teams that bring visibility and control into one motion: discovering sensitive data, understanding its context, and enforcing the right controls — across cloud, software-as-a-service (SaaS), and legacy systems alike. It's not just about preventing threats. It's about building intelligence into the system so you can see risk coming before it lands.
About the Author
Verrion Wright
Privacy and Security Researcher, BigID
Verrion Wright is a privacy and security researcher at BigID. With more than 20 years of experience in privacy, security, and data management, he has held senior roles in various industries, including IT services, data privacy, and content marketing.