Brian Armstrong (Coinbase CEO) posted a video about this today: https://x.com/brian_armstrong/status/1922967787309256807
"But customer support agents do have access to personal information like name, date of birth, address, et cetera"
Apparently "et cetera" includes photos of my ID? Why do they even keep it?
The more alarming part for me is that, given the scale of the breach, there was clearly some way for this CS access to (a) query and download data from a database and (b) exfil that data in bulk. Where on earth were the controls?