KYC Data Breaches Report

1. Coinbase Insider Breach (May 2025)

What happened: An insider at a Coinbase support center exfiltrated KYC materials for ~69,461 users, including government-issued ID photos and partial Social Security numbers.

Harms Reported:

Targeted phishing & vishing scams using real masked details.
Financial losses (e.g., 2.3 ETH stolen; six-figure crypto accounts drained).
Emotional trauma: panic attacks, sleep disruption, loss of trust in online services.

Source: Walker Stevenson, “Who Are the 70K Victims Behind Coinbase’s KYC Breach?”, The Coinomist (June 19, 2025)

2. AU10TIX ID-Verification Hack (June 2024)

What happened: Hackers exploited exposed admin keys at AU10TIX—used by PayPal, LinkedIn, Upwork—to steal full-resolution driver’s licenses, dates of birth, nationality data, and more.

Harms Reported:

Risk of identity theft: stolen IDs sold on Telegram for opening fraudulent accounts.
Long-term exposure: personal records weaponized later, enabling scams or extortion.
Regulatory fallout: platforms under PIPEDA inquiry, user notifications of “real risk of significant harm.”

Source: Consumer Choice Center, “The latest troubling data hacks underscore the futility—and danger—of excessive KYC/AML rules” (June 28, 2024)