Oh good grief.

These links provides the most accurate info, I think:
https://finance.yahoo.com/news/coinbase-stock-slips-crypto-exchange-123040251.htmlCoinbase said no passwords or customer funds were ever accessed. However, it said names, addresses, phone numbers, email addresses, last four digits of Social Security numbers, masked bank account numbers, and Coinbase account data like "balance snapshots and transaction history" may have been compromised.
They also said that access was from outside of US, but it is not clear where the customers were.
https://www.investing.com/news/stock-market-news/coinbase-discloses-security-breach-expects-impact-of-up-to-400m-4047654The breach, which Coinbase described as an “extortion attempt,” is said to have started when criminals bribed overseas support contractors to extract internal data affecting less than 1% of monthly transacting users.
The attackers reportedly obtained names, addresses, and phone numbers, as well as masked Social Security [it means just the last four digits] and bank account information, government ID images, and account data.
Coinbase emphasized that the attackers did not gain access to passwords, two-factor authentication codes, private keys, or customer funds.