Those who are affected will at least receive some kind of compensation, which is not a consolation because their data has become public - but something similar happened to Ledger users 5 years ago and that company did not pay anything to anyone, but they tried to present the whole thing as irrelevant. This just shows the way companies treat their customers when it comes to the US versus the EU.
I see it as a gesture of good will from Coinbase. I am sure there T&Cs don't require them to compensate individuals who fall for social engineering scams but they want to do it anyway for positive press. Coinbase makes much more money than Ledger so it's easier for them in that regard. We are also talking about a smaller number of affected clients compared to the Ledger leak. That's assuming everything Coinbase has said is true.
It sounds ironic, but a few years ago I read about cases in my country that were strange to say the least. In the first, the owner caught a thief breaking into the house, the thief ran away and broke his leg, then sued the owner for the injury. In another case, a thief tried to attack the owner in his garage, he called for help and someone reported him for disturbing public order and peace.
I am not surprised. God forbid you attempt to hold the thief by force in your home against their will until the police comes. That's against the law as well in some countries. When the police arrives, you could both be arrested. The thief, for breaking and entering, and you for your citizen arrest.
Now the question is whether Coinbase will inform users whose data has been compromised.
They said that they already did. There are some reports going around claiming that Coinbase knew about the stolen and leaked data since January but decided to sit on the information before going public. I am not sure if that is true or not.