Comment by rkagerer
9 hours ago
Coinbase seems to be going to great lengths to try and distance themselves from the so-called "rogue overseas support agents".
If they were Coinbase employees or contractors, that means the company basically sold its own data to hackers, who then turned around and demanded a ransom.
Reimbursing duped customers makes sense, as it seems like they would have a pretty straightforward case to make in court that Coinbase's actions led to their loss.
I'm more curious if someone who feels the need to move, change banks, change their email, hire a security detail etc. could successfully sue the company to recover some or all of those costs.
>If they were Coinbase employees or contractors, that means the company basically sold its own data to hackers, who then turned around and demanded a ransom.
This seems like a strange interpretation. If an employee at your company, against policy and likely illegally extracts proprietary data and gives it to hackers in exchange for money you can hardly say that "My company sold it's data".
I agree it wasn't authorized, but I should absolutely still be able to hold the company responsible for the damage. My business relationship is with you, not your employees or vendors.
They in turn could go after the perpetrator. If they're using contractors who are cheap, unvetted, untrustworthy or don't carry liability insurance that's their problem and shouldn't excuse them of accountability.
In a way you can. A company is its employees. If you want employees with integrity you might need to pay better than bottom dollar employees from the cheapest countries possible.
I once applied for a bank position, and they wanted to run a credit check. If you're in a position of handling money, the company has a responsibility to vet its employees. Do I agree with credit checks? Absolutely not, but the point is, Coinbase is partially responsible and that's why they're refunding duped customers.
How far that responsibility goes is up for debate.
> This seems like a strange interpretation. If an employee at your company, against policy and likely illegally extracts proprietary data and gives it to hackers in exchange for money you can hardly say that "My company sold it's data".
When an employee ships a new feature, do you say "My company shipped a new feature?"
Did the employee ship the feature this against their employer's will? 'Cause if so, I'm not sure we would say the company shipped it.