In a company blog post published on Thursday morning, Coinbase revealed that criminals had bribed overseas customer support agents to hand over records, including customer addresses, phone numbers, government IDs and partial details of bank and Social Sec

se Says Criminals Bribed Customer Support Agents to Steal Data From 1% of Its Users

Coinbase is offering a $20 million reward for information leading to the arrest and conviction of criminals who bribed customer support agents at the company to steal user data and then used it in social engineering scams.

The company said on Thursday morning that a small number of customer support agents, who are no longer employed by Coinbase, had been compromised by criminals who are likely based in India.

Those criminals then used the stolen data to direct social engineering scams at Coinbase customers.

The company did not say how many customers had been scammed but said it would make whole those who had lost money.

The criminals also threatened to publish the stolen customer data online unless Coinbase paid them $20 million.

Coinbase said it would not pay a ransom and instead urged customers who had been contacted by the criminals to report it to the company and to local law enforcement.

Coinbase said the stolen data included customer names, addresses, phone numbers, government IDs and partial details of bank and Social Security records. However, it did not include log-in credentials or access to wallets.

The company said the stolen data represented fewer than 1% of active monthly transacting customers. Based on Coinbase’s latest earnings report, that means fewer than 84,000 customers were affected.

Coinbase said it is working with U.S. and international law enforcement to track down the criminals.

“We take the privacy and security of our customers’ data extremely seriously,” said Philip Martin, Coinbase Chief Security Officer.

“We are deeply disappointed that a small number of customer support agents violated company policy and customer trust. Their employment with Coinbase has been terminated.

“We are grateful for the cooperation of U.S. and international law enforcement in this investigation. We will not tolerate attempts to defraud our customers and we are committed to holding the perpetrators accountable for their actions.”

Coinbase also reminded users that they will never contact them to ask for their password or 2FA or to move their funds to a different wallet.

If someone claiming to be from Coinbase asks for such information, they should hang up the phone and contact Coinbase directly through their website or app.