TaskUs
Company Details
Linkedin ID:
taskus
Website:
Employees number:
38,715
Number of followers:
433,428
NAICS:
541615
Industry Type:
Homepage:
taskus.com
IP Addresses:
13
Company ID:
TAS_1545658
Scan Status:
Completed
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
TaskUs Vendor Cyber Rating & Cyber Score
taskus.comTaskUs is a different breed of BPO. We are a collective of highly capable humans, who understand how to deploy technology and data to best serve your purpose. From Digital CX to Trust & Safety, AI Services, Risk + Response, Consulting, and anything in between, we consider ourselves responsible for protecting our partners’ interests and supporting their long term success through innovation and technology - powered by ridiculously smart people. TaskUs partners with the world’s most innovative and disruptive brands to protect what matters most and to thrive in an ever changing world.
TaskUs A.I CyberSecurity Scoring
TaskUs Risk Score (AI oriented)Between 550 and 599
TaskUs
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TaskUs Global Score (TPRM)XXXX
TaskUs
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TaskUs Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
TaskUs, Coinbase, Discord and Marks & Spencer: Coinbase confirms insider breach linked to leaked support tool screenshots
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Coinbase Confirms Insider Breach Impacting 30 Customers in December Incident Coinbase has disclosed an insider breach involving a contractor who improperly accessed the personal data of approximately 30 customers in December. The company confirmed the incident after threat actors known as *Shiny Lapsus Hunters* (SLH) briefly posted screenshots of an internal support interface on Telegram, revealing customer details such as names, email addresses, phone numbers, KYC information, wallet balances, and transaction histories. The contractor, who no longer works with Coinbase, was detected by the company’s security team last year. Affected users were notified and provided with identity theft protection services, while regulators were informed as part of standard protocol. This breach is unrelated to a separate January 2025 incident involving TaskUs, an outsourcing firm that provides support services to Coinbase. The screenshots shared by SLH suggest the group may have obtained the data through an insider or by circulating stolen information among threat actors. SLH has previously claimed to have bribed insiders at other firms, including CrowdStrike, to gain access to internal systems. Rising Threats to Business Process Outsourcing (BPO) Firms The incident highlights a growing trend of threat actors targeting BPO companies third-party firms handling customer support, IT services, and account management for organizations. Since BPO employees often have access to sensitive systems and data, they have become prime targets for attacks. Common tactics include: - Bribing insiders to steal or share customer information, as seen in the Coinbase and TaskUs breaches. - Social engineering support staff to gain unauthorized access, such as the Clorox breach, where attackers impersonated an employee to compromise a Cognizant help desk agent, leading to a $380 million lawsuit. - Compromising BPO employee accounts to access customer data, as in Discord’s October breach, where a support agent’s account at an outsourced provider was used to extract data from 5.5 million users. Recent attacks on retailers like Marks & Spencer and Co-op have also involved social engineering against support personnel, prompting the U.K. government to issue guidance on mitigating such threats. The shift toward targeting BPOs reflects a broader strategy by threat actors to exploit third-party access rather than directly breaching corporate networks.
TaskUs
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The breach involved a coordinated criminal bribery scheme within TaskUs’s India operations, where employees were allegedly bribed to photograph and leak sensitive Coinbase customer account data to external criminals. The conspiracy expanded beyond front-line staff, leading to the dismissal of around 300 employees in January 2025. TaskUs reportedly concealed the breach’s scope, silenced whistleblowers, and fired HR personnel investigating the incident. Despite internal awareness, the company denied any material breach in regulatory filings (including a February 2025 Form 10-K) and proceeded with a $1.6 billion buyout by Blackstone before Coinbase publicly disclosed the incident in May. The breach originated in late 2024, affecting less than 1% of Coinbase’s monthly transacting users, with estimated losses reaching $400 million. Coinbase reimbursed victims, severed ties with TaskUs, and offered a $20 million reward for information leading to arrests, refusing to pay ransom demands.
TaskUs Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TaskUs
Incidents vs Outsourcing and Offshoring Consulting Industry Average (This Year)
TaskUs has 75.0% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
TaskUs has 14.53% fewer incidents than the average of all companies with at least one recorded incident.
Incident Types TaskUs vs Outsourcing and Offshoring Consulting Industry Avg (This Year)
TaskUs reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — TaskUs (X = Date, Y = Severity)
TaskUs cyber incidents detection timeline including parent company and subsidiaries
TaskUs Company Subsidiaries
TaskUs is a different breed of BPO. We are a collective of highly capable humans, who understand how to deploy technology and data to best serve your purpose. From Digital CX to Trust & Safety, AI Services, Risk + Response, Consulting, and anything in between, we consider ourselves responsible for protecting our partners’ interests and supporting their long term success through innovation and technology - powered by ridiculously smart people. TaskUs partners with the world’s most innovative and disruptive brands to protect what matters most and to thrive in an ever changing world.
Loading...
TaskUs Similar Companies
Established in 2001, Firstsource Solutions Limited, an RP-Sanjiv Goenka Group company, is a specialized BPS partner with hyper-focused, domain-centered teams and cutting-edge tech, data, and analytics. We help our clients across healthcare, banking and financial services, communications, media, te
TTEC
We’re TTEC (pronounced t.tec). For over 40 years we have been obsessed with one thing: Helping the world’s best brands deliver exceptional customer experiences (CX). We're not just another BPO company. We're CX innovators, with deep understanding of what makes customers happy. We seamlessly blend hu
iEnergizer
iEnergizer is a leading Business Process Outsourcing provider (“BPO”) of customer management solutions dedicated to delivering performance while actively supporting and advocating our client’s brand. iEnergizer helps our Partners acquire, support, retain, and grow their markets by providing complete
Alorica
We’re passionate about creating customers for life by designing experiences that elevate your brand. As your full-service CX partner from strategy to execution, we blend proven performance, industry-leading expertise and the right technology that delivers real results and limitless possibilities. Wh
TDCX
Singapore-headquartered TDCX provides transformative digital CX solutions, enabling world-leading and disruptive brands to acquire new customers, to build customer loyalty, and to protect their online communities. TDCX helps clients achieve their customer experience aspirations by harnessing techn
Atento
We are one of the world's largest global providers of customer relationship management and business transformation outsourcing (CRM/BTO) services and industry leaders in Latin America. Our offerings have expanded beyond the realms of traditional Business Process Outsourcing (BPO) to become front-ru
Manserv
A Manserv tem no ato de servir sua principal vocação. A organização, fundada em 1985, tem estrutura empresarial sólida e abrangente. Especializada nas áreas de Manutenção, Facilities, Logística e Tecnologia, possui extenso portfólio de produtos e serviços, capazes de atender os mais diversificad
A global customer experience (CX) management solutions provider, Startek® delivers best-in-class omnichannel CX, digital transformation and enterprise tech services for leading brands, from Fortune 500s to fast-growing startups. Our innovation and expertise ensure CX excellence across traditional an
Majorel
Majorel has been acquired by TP allowing us to deliver even more exceptional services in more locations worldwide and on a greater scale than ever before. We deliver the most advanced, digitally-powered business services to help the world’s best brands streamline their business in meaningful and su
.png)
TaskUs CyberSecurity News
February 04, 2026 08:00 AM
Coinbase Discloses Insider Breach After Hackers Post Account Screenshots
Hacking gang Scattered LAPSUS$ Hunters posted (and then deleted) screenshots suggesting it had inside access to Coinbase through its...
September 18, 2025 07:00 AM
Major Coinbase hack tied to TaskUs employees, court filing claims
Major outsourcing company TaskUs has been filed with a class action lawsuit alleging its negligence and subsequent cover-up of the...
September 17, 2025 07:00 AM
TaskUs Employees Behind Coinbase Breach, US Court Filing Alleges
An employee of outsourcing firm TaskUs allegedly sold data stolen during the Coinbase data breach to hackers for $200 per record.
June 19, 2025 07:00 AM
How Hackers Are Turning Tech Support Into a Threat
Attacks on call centers lead to hundreds of millions of dollars in crypto thefts and disrupt retail sales.
June 11, 2025 07:00 AM
“Coordinated Criminal Campaign”: Two TaskUs Employees in India Implicated in Data Breach Targeting Coinbase
Bengaluru: Two India-based employees of U.S. business process outsourcing firm TaskUs have been accused of unlawfully accessing sensitive...
June 07, 2025 07:00 AM
Poltava’s illicit miner, a Hedera airdrop scam and other cybersecurity developments
We round up the week's key cybersecurity news. Alleged mastermind of kidnappings targeting crypto millionaires arrested in Morocco.
June 04, 2025 07:00 AM
Cybersecurity News: Meta, Yandex take heat on browsing identifiers, Acreed malware makes gains, HPE warns of critical auth bypass
EmbedEdit. Meta, Yandex take heat on browsing identifiers, Acreed malware makes gains, HPE warns of critical auth bypass. Cybersecurity...
June 02, 2025 07:00 AM
Coinbase breach linked to customer data leak in India, sources say
Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to...
January 14, 2024 08:00 AM
Blackstone CTO John Stecher talks artificial intelligence, cybersecurity and San Antonio
Blackstone, one of the world's largest private equity companies with more than a $1 trillion in assets, has stakes in 17 San Antonio-area...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TaskUs CyberSecurity History Information
Official Website of TaskUs
The official website of TaskUs is https://www.taskus.com/.
TaskUs’s AI-Generated Cybersecurity Score
According to Rankiteo, TaskUs’s AI-generated cybersecurity score is 560, reflecting their Very Poor security posture.
How many security badges does TaskUs’ have ?
According to Rankiteo, TaskUs currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has TaskUs been affected by any supply chain cyber incidents ?
According to Rankiteo, TaskUs has been affected by a supply chain cyber incident involving TaskUs, with the incident ID MARCOIDISTAS1770173590.
Does TaskUs have SOC 2 Type 1 certification ?
According to Rankiteo, TaskUs is not certified under SOC 2 Type 1.
Does TaskUs have SOC 2 Type 2 certification ?
According to Rankiteo, TaskUs does not hold a SOC 2 Type 2 certification.
Does TaskUs comply with GDPR ?
According to Rankiteo, TaskUs is not listed as GDPR compliant.
Does TaskUs have PCI DSS certification ?
According to Rankiteo, TaskUs does not currently maintain PCI DSS compliance.
Does TaskUs comply with HIPAA ?
According to Rankiteo, TaskUs is not compliant with HIPAA regulations.
Does TaskUs have ISO 27001 certification ?
According to Rankiteo,TaskUs is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of TaskUs
TaskUs operates primarily in the Outsourcing and Offshoring Consulting industry.
Number of Employees at TaskUs
TaskUs employs approximately 38,715 people worldwide.
Subsidiaries Owned by TaskUs
TaskUs presently has no subsidiaries across any sectors.
TaskUs’s LinkedIn Followers
TaskUs’s official LinkedIn profile has approximately 433,428 followers.
NAICS Classification of TaskUs
TaskUs is classified under the NAICS code 541615, which corresponds to Others.
TaskUs’s Presence on Crunchbase
No, TaskUs does not have a profile on Crunchbase.
TaskUs’s Presence on LinkedIn
Yes, TaskUs maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/taskus.
Cybersecurity Incidents Involving TaskUs
As of April 02, 2026, Rankiteo reports that TaskUs has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
TaskUs has an estimated 1,117 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at TaskUs ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on TaskUs ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $400 million.
How does TaskUs detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes (coinbase), and law enforcement notified with yes (coinbase notified regulators), and containment measures with termination of bribed employees (~300 in january 2025), containment measures with ended partnership with taskus, and remediation measures with tightened vendor and insider controls (coinbase), remediation measures with $20 million reward for information leading to arrests, and recovery measures with reimbursement of affected coinbase customers, and communication strategy with public disclosure in may 2025 (coinbase), communication strategy with no prior disclosure by taskus (alleged concealment), and incident response plan activated with yes, and containment measures with contractor terminated, affected users notified, and remediation measures with identity theft protection services provided to affected users, and communication strategy with public disclosure, regulatory notifications..
Incident Details
Can you provide details on each incident ?
Title: Systemic Security Failures and Data Breach at TaskUs Affecting Coinbase Customer Data
Description: Amendments to a class action in New York against TaskUs reveal systemic security failures and concealment in a breach tied to Coinbase customer data. The breach originated in late 2024, involving a criminal bribery scheme at TaskUs's India operations, where employees were allegedly bribed to photograph sensitive Coinbase customer account information and pass it to criminals. The breach affected less than 1% of Coinbase's monthly transacting users, with estimated losses up to $400 million. TaskUs allegedly concealed the breach's scope, fired HR personnel investigating it, and proceeded with a $1.6 billion buyout before Coinbase disclosed the incident in May 2025. Coinbase reimbursed affected users and ended its relationship with TaskUs, offering a $20 million reward for information leading to arrests.
Date Publicly Disclosed: 2025-05
Type: Data Breach
Attack Vector: Insider Threat (Bribed Employees)Social EngineeringPhysical Data Theft (Photographing Sensitive Information)
Vulnerability Exploited: Weak Insider ControlsLack of Vendor OversightInadequate HR and Compliance Monitoring
Threat Actor: Organized Criminal GroupBribed TaskUs Employees (India Operations)
Motivation: Financial Gain (Data Theft for Fraud/Resale)
Title: Coinbase Insider Breach Impacting 30 Customers
Description: Coinbase disclosed an insider breach involving a contractor who improperly accessed the personal data of approximately 30 customers in December. The incident was confirmed after threat actors known as Shiny Lapsus Hunters (SLH) posted screenshots of an internal support interface on Telegram, revealing customer details such as names, email addresses, phone numbers, KYC information, wallet balances, and transaction histories. The contractor was detected by Coinbase’s security team and no longer works with the company. Affected users were notified and provided with identity theft protection services, while regulators were informed as part of standard protocol.
Date Detected: 2024-12
Type: Insider Threat
Attack Vector: Insider Access
Threat Actor: Shiny Lapsus Hunters (SLH)
Motivation: Data Theft, Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Bribed TaskUs Employees (India Operations) and Contractor access.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach TAS4962149091725
Financial Loss: $400 million (estimated total loss)
Data Compromised: Coinbase customer account information, Personally identifiable information (pii)
Operational Impact: Termination of 300+ TaskUs EmployeesEnd of Coinbase-TaskUs PartnershipHR Personnel Fired During Investigation
Customer Complaints: Class Action Lawsuit Filed (Southern District of New York)
Brand Reputation Impact: Negative Publicity for TaskUs and CoinbaseAllegations of Concealment and Non-DisclosureLoss of Trust in Outsourcing Security
Legal Liabilities: Class Action LawsuitPotential Regulatory Violations for Non-Disclosure
Identity Theft Risk: High (Sensitive Account Information Compromised)
Incident : Insider Threat MARCOIDISTAS1770173590
Data Compromised: Personal data (names, email addresses, phone numbers, KYC information, wallet balances, transaction histories)
Systems Affected: Internal support interface
Brand Reputation Impact: Yes
Identity Theft Risk: Yes
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $200.00 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Account Information, Sensitive Account Details (Photographed), , Personal Identifiable Information (Pii), Kyc Information, Transaction Histories, Wallet Balances and .
Which entities were affected by each incident ?
Incident : Data Breach TAS4962149091725
Entity Name: Coinbase
Entity Type: Cryptocurrency Exchange
Industry: Financial Services (Crypto)
Location: United States
Customers Affected: Less than 1% of monthly transacting users
Incident : Data Breach TAS4962149091725
Entity Name: TaskUs
Entity Type: Outsourcing Firm
Industry: Business Process Outsourcing (BPO)
Location: United States (HQ)India (Operations Center)
Incident : Insider Threat MARCOIDISTAS1770173590
Entity Name: Coinbase
Entity Type: Cryptocurrency Exchange
Industry: FinTech
Customers Affected: 30
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach TAS4962149091725
Incident Response Plan Activated: Yes (Coinbase)
Law Enforcement Notified: Yes (Coinbase notified regulators)
Containment Measures: Termination of Bribed Employees (~300 in January 2025)Ended Partnership with TaskUs
Remediation Measures: Tightened Vendor and Insider Controls (Coinbase)$20 Million Reward for Information Leading to Arrests
Recovery Measures: Reimbursement of Affected Coinbase Customers
Communication Strategy: Public Disclosure in May 2025 (Coinbase)No Prior Disclosure by TaskUs (Alleged Concealment)
Incident : Insider Threat MARCOIDISTAS1770173590
Incident Response Plan Activated: Yes
Containment Measures: Contractor terminated, affected users notified
Remediation Measures: Identity theft protection services provided to affected users
Communication Strategy: Public disclosure, regulatory notifications
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (Coinbase), Yes.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach TAS4962149091725
Type of Data Compromised: Customer account information, Sensitive account details (photographed)
Sensitivity of Data: High (PII, Account Access Details)
Data Exfiltration: Yes (Physical Theft via Photographs, Shared with Criminals)
Personally Identifiable Information: Yes
Incident : Insider Threat MARCOIDISTAS1770173590
Type of Data Compromised: Personal identifiable information (pii), Kyc information, Transaction histories, Wallet balances
Number of Records Exposed: 30
Sensitivity of Data: High
Data Exfiltration: Yes (via Telegram screenshots)
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Tightened Vendor and Insider Controls (Coinbase), $20 Million Reward for Information Leading to Arrests, , Identity theft protection services provided to affected users.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by termination of bribed employees (~300 in january 2025), ended partnership with taskus, , contractor terminated and affected users notified.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach TAS4962149091725
Ransom Paid: No (Coinbase refused to pay criminals)
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Reimbursement of Affected Coinbase Customers, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach TAS4962149091725
Regulations Violated: Potential Non-Compliance with Data Breach Disclosure Laws, Misrepresentation in SEC Filings (Form 10-K),
Legal Actions: Class Action Lawsuit (Southern District of New York), Potential Regulatory Investigations,
Regulatory Notifications: Coinbase Notified Regulators Immediately (Timing Unspecified)TaskUs Allegedly Misled Regulators (Claimed No Material Breach)
Incident : Insider Threat MARCOIDISTAS1770173590
Regulatory Notifications: Yes
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class Action Lawsuit (Southern District of New York), Potential Regulatory Investigations, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Insider Threat MARCOIDISTAS1770173590
Lessons Learned: Insider threats pose significant risks, especially in third-party contractor relationships. Enhanced monitoring and access controls are critical for mitigating such breaches.
What recommendations were made to prevent future incidents ?
Incident : Insider Threat MARCOIDISTAS1770173590
Recommendations: Implement stricter access controls for contractors and third-party vendors, Enhance monitoring of internal systems for unauthorized access, Provide regular security awareness training for employees and contractors, Establish clear protocols for reporting and responding to insider threatsImplement stricter access controls for contractors and third-party vendors, Enhance monitoring of internal systems for unauthorized access, Provide regular security awareness training for employees and contractors, Establish clear protocols for reporting and responding to insider threatsImplement stricter access controls for contractors and third-party vendors, Enhance monitoring of internal systems for unauthorized access, Provide regular security awareness training for employees and contractors, Establish clear protocols for reporting and responding to insider threatsImplement stricter access controls for contractors and third-party vendors, Enhance monitoring of internal systems for unauthorized access, Provide regular security awareness training for employees and contractors, Establish clear protocols for reporting and responding to insider threats
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Insider threats pose significant risks, especially in third-party contractor relationships. Enhanced monitoring and access controls are critical for mitigating such breaches.
References
Where can I find more information about each incident ?
Incident : Data Breach TAS4962149091725
Source: Decrypt
Incident : Data Breach TAS4962149091725
Source: Reuters
Incident : Data Breach TAS4962149091725
Source: Amended Class Action Complaint (Southern District of New York)
Date Accessed: 2025 (Filed on Tuesday, exact date unspecified)
Incident : Insider Threat MARCOIDISTAS1770173590
Source: Coinbase Disclosure
Incident : Insider Threat MARCOIDISTAS1770173590
Source: Shiny Lapsus Hunters (SLH) Telegram Post
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Decrypt, and Source: Reuters, and Source: Amended Class Action Complaint (Southern District of New York)Date Accessed: 2025 (Filed on Tuesday, exact date unspecified), and Source: Coinbase Disclosure, and Source: Shiny Lapsus Hunters (SLH) Telegram Post.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach TAS4962149091725
Investigation Status: Ongoing (Class Action Lawsuit, Potential Regulatory Probes)
Incident : Insider Threat MARCOIDISTAS1770173590
Investigation Status: Completed
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Disclosure In May 2025 (Coinbase), No Prior Disclosure By Taskus (Alleged Concealment), Public disclosure and regulatory notifications.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach TAS4962149091725
Customer Advisories: Coinbase Notified Affected UsersReimbursement Provided
Incident : Insider Threat MARCOIDISTAS1770173590
Customer Advisories: Affected users notified and provided with identity theft protection services
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Coinbase Notified Affected Users, Reimbursement Provided, and Affected users notified and provided with identity theft protection services.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach TAS4962149091725
Entry Point: Bribed TaskUs Employees (India Operations)
Reconnaissance Period: Late 2024 to Early 2025
High Value Targets: Coinbase Customer Account Data
Data Sold on Dark Web: Coinbase Customer Account Data
Incident : Insider Threat MARCOIDISTAS1770173590
Entry Point: Contractor access
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach TAS4962149091725
Root Causes: Inadequate Vendor Security Oversight (Coinbase), Insider Threat Vulnerabilities (Taskus), Failure In Hr And Compliance Monitoring (Taskus), Concealment Of Breach Scope (Taskus),
Corrective Actions: Coinbase: Ended Taskus Partnership, Tightened Controls, $20M Reward For Arrests, Taskus: Terminated ~300 Employees (Allegedly Involved),
Incident : Insider Threat MARCOIDISTAS1770173590
Root Causes: Improper access by a contractor, lack of sufficient monitoring for insider threats
Corrective Actions: Contractor terminated, affected users notified, identity theft protection services provided, regulatory notifications completed
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Coinbase: Ended Taskus Partnership, Tightened Controls, $20M Reward For Arrests, Taskus: Terminated ~300 Employees (Allegedly Involved), , Contractor terminated, affected users notified, identity theft protection services provided, regulatory notifications completed.
Additional Questions
General Information
Has the company ever paid ransoms ?
Ransom Payment History: The company has Paid ransoms in the past.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Organized Criminal GroupBribed TaskUs Employees (India Operations) and Shiny Lapsus Hunters (SLH).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-12.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-05.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $400 million (estimated total loss).
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Coinbase Customer Account Information, Personally Identifiable Information (PII), , Personal data (names, email addresses, phone numbers, KYC information, wallet balances and transaction histories).
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Termination of Bribed Employees (~300 in January 2025)Ended Partnership with TaskUs, Contractor terminated and affected users notified.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Coinbase Customer Account Information, Personal data (names, email addresses, phone numbers, KYC information, wallet balances, transaction histories) and Personally Identifiable Information (PII).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 30.0.
Ransomware Information
What was the highest ransom paid in a ransomware incident ?
Highest Ransom Paid: The highest ransom paid in a ransomware incident was No (Coinbase refused to pay criminals).
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class Action Lawsuit (Southern District of New York), Potential Regulatory Investigations, .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Insider threats pose significant risks, especially in third-party contractor relationships. Enhanced monitoring and access controls are critical for mitigating such breaches.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Provide regular security awareness training for employees and contractors, Establish clear protocols for reporting and responding to insider threats, Enhance monitoring of internal systems for unauthorized access and Implement stricter access controls for contractors and third-party vendors.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Shiny Lapsus Hunters (SLH) Telegram Post, Amended Class Action Complaint (Southern District of New York), Reuters, Coinbase Disclosure and Decrypt.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Class Action Lawsuit, Potential Regulatory Probes).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Coinbase Notified Affected UsersReimbursement Provided and Affected users notified and provided with identity theft protection services.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Bribed TaskUs Employees (India Operations) and Contractor access.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Late 2024 to Early 2025.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Inadequate Vendor Security Oversight (Coinbase)Insider Threat Vulnerabilities (TaskUs)Failure in HR and Compliance Monitoring (TaskUs)Concealment of Breach Scope (TaskUs), Improper access by a contractor, lack of sufficient monitoring for insider threats.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Coinbase: Ended TaskUs Partnership, Tightened Controls, $20M Reward for ArrestsTaskUs: Terminated ~300 Employees (Allegedly Involved), Contractor terminated, affected users notified, identity theft protection services provided, regulatory notifications completed.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=taskus' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
