> Coinbase didn't adequately secure sensitive customer information, and it was leaked
Practically every company has someone with credentials who is in some combination of debt, a damningly-adulterous relationship, a damningly-illegal substance relationship and/or feels underappreciated or slighted compensationwise. The question is generally how much it costs.
Which is exactly why insider threats should be explored as a threat-model and mitigated to make the blast radius as small as possible via rate PII sanitization, access controls, access monitoring, rate limiting, etc.