Coinbase was made aware in January of a customer data breach involving its third-party contractor TaskUs months before publicly disclosing the incident, Reuters reported Monday, citing six sources familiar with the matter. According to five former TaskUs employees, the breach was traced to an India-based TaskUs support agent who had been photographing her work computer screen with a phone.  The employee and an alleged accomplice were suspected of selling Coinbase user information to hackers in exchange for bribes.  "We immediately reported this activity to the client," TaskUs told Reuters, adding that it had terminated two employees for illegal access and believed the breach was part of a wider, coordinated campaign targeting Coinbase and other service providers. Decrypt has approached Coinbase and TaskUs for comment. Coinbase disclosed the breach in an SEC filing on May 14 and followed up with a blog post on May 15.  The company said hackers obtained customer names, addresses, masked bank details, and identity documents via compromised support staff. No funds or passwords were taken. On May 11, Coinbase received a $20 million Bitcoin ransom demand, prompting it to go public with the information. It additionally said that the threat actor had obtained the information by paying multiple contractors or employees in support roles for information from internal Coinbase systems and that “these instances of such personnel accessing data without business need were independently detected by the Company’s security monitoring in the previous months.”  Reuters reported that at least part of the breach was linked to TaskUs, a U.S. outsourcing firm with over 61,000 employees across 12 countries.  “They then tried to extort Coinbase for $20 million to cover this up. We said no,” the company wrote. CEO Brian Armstrong responded by offering a $20 million bounty for information leading to the arrest of the attackers. “We are not going to pay your ransom,” he said in a video statement. The company said the breach affected less than 1% of its users. Coinbase has since cut ties with TaskUs and other overseas agents involved in the incident and claims to have strengthened internal controls. The breach sparked a shareholder lawsuit filed May 22 in federal court in Pennsylvania. Investor Brady Nessler accused Coinbase of violating securities laws by failing to disclose the breach promptly and alleged the company also concealed prior regulatory issues.  Coinbase’s stock dropped 7% following the disclosure but has since rebounded, bolstered by its inclusion in the S&P 500. Edited by Sebastian Sinclair