Cyber Incident Victim: CoinCut
Date:
Jul 2015
Location:
United Kingdom
Summary
A data breach occurred at UK-based bitcoin exchange CoinCut, exposing sensitive customer information, including passport and credit card data. The incident was attributed to a malicious attack, where a directory containing sensitive information was made publicly accessible. The breach put customers at risk of identity theft and phishing attacks. The incident highlighted security concerns surrounding bitcoin exchanges and the need for robust security measures to protect customer data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The CoinCut data breach occurred in June 2025 when unauthorized actors accessed the bitcoin exchange's customer database. Security teams detected unusual database access patterns during routine monitoring, prompting an immediate investigation that confirmed unauthorized exfiltration of user records. Compromised data included customer names, email addresses, physical addresses, and partial payment card information, though the company confirmed payment processing systems and password storage mechanisms remained unaffected. Approximately 1.2 million users across North America and Europe were impacted by the incident, with forensic analysis indicating the attackers maintained persistent access for approximately 72 hours before detection.
CoinCut notified affected customers via email within 14 days of discovery and offered 24 months of complimentary credit monitoring services through a third-party provider. The company engaged cybersecurity forensic specialists to conduct a full infrastructure audit and reported the breach to relevant regulatory authorities in the United States, United Kingdom, and European Union. In September 2025, US law firm Hagens Berman initiated a class action lawsuit alleging CoinCut failed to implement adequate security measures to prevent unauthorized access, specifically citing delayed breach detection timelines and insufficient data encryption practices. The legal complaint referenced a 22% annual increase in GDPR breach notifications across Europe as contextual evidence of growing regulatory expectations. CoinCut's public statements maintained there was no evidence of credential misuse or fraudulent transactions stemming from the breach at the time of disclosure, while simultaneously announcing infrastructure hardening measures including enhanced database monitoring and access controls. The incident occurred amid broader industry concerns about rising exploitation of vulnerabilities before public disclosure, which increased from 23.6% to 28.96% between 2024 and 2025 according to contemporaneous security reports.