Coinbase confirmed a breach involving a contractor who improperly accessed data from about thirty customers. This incident, which occurred in December, was disclosed after screenshots of an internal support tool were briefly posted on Telegram by a group called "Scattered Lapsus Hunters." The leaked screenshots included sensitive customer information, such as names, email addresses, and cryptocurrency wallet balances. Coinbase had already notified the affected customers and provided them with identity theft protection services. The breach is not linked to a previous incident involving TaskUs, an outsourcing firm that had access to Coinbase's customer support. The growing trend of targeting Business Process Outsourcing (BPO) companies highlights vulnerabilities in the system. BPO employees often have access to sensitive data, making them prime targets for attackers. Methods like bribery, social engineering, and account compromises have been used to exploit these firms. Recent high-profile cases illustrate how these tactics have been effective. For instance, attackers impersonated employees to gain access to corporate networks, as seen in the Cognizant incident related to Clorox. Other companies, like Marks & Spencer and Co-op, have also reported breaches linked to social engineering attacks against their support personnel. Discord faced a similar issue when attackers accessed 5.5 million user accounts via a compromised support agent's account from a BPO provider. This trend reveals a shift in focus from exploiting technical vulnerabilities to targeting third-party services that handle sensitive data.