Coinbase disclosed last week that a months-long data breach resulted in the theft of personal and financial information from at least 69,461 customers.

According to Coinbase’s filing with Maine’s attorney general on Wednesday, the breach occurred between December 26, 2024, and earlier this month. The hacker allegedly demanded a $20 million ransom to delete the stolen customer data, which the company refused to pay.

The hacker reportedly bribed Coinbase customer support workers to access customers’ data, resulting in the theft of names, email and postal addresses, phone numbers, government-issued identity documents, account balances, and transaction histories. Wealthy customers are particularly concerned about being targeted due to the breach.