By Raphael Satter

WASHINGTON, June 2 (Reuters) - Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters.

At least one part of the breach, publicly disclosed in aMay 14 SEC filing, occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone, according to five former TaskUs employees.

Three of the employees and a person familiar with the matter said Coinbase was notified immediately.

The ex-employees said they were briefed on the matter by company investigators or colleagues who witnessed the incident in the Indian city of Indore, noting that the woman and a suspected accomplice were alleged to have been feeding Coinbase customer information to hackers in return for bribes.

The ex-employees and person familiar with the matter said more than 200 TaskUs employees were soon fired in a mass layoff that drew Indian media attention.

Coinbase had previously blamed "support agents overseas" for the breach, which it estimated could cost up to $400 million.

Although the link between TaskUs and the breach was previously alleged in a lawsuit filed last week in federal court in Manhattan, details of the incident, reported here for the first time, raise further questions over when Coinbase first learned of the incident.

Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said.

In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls."

Coinbase did not disclose who the other foreign agents were.

TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify.

"We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client."

The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January.

Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment.

(Reporting by Raphael Satter; additional reporting by Chris Prentice in New York and Munsif Vengattil in Bengaluru; editing by Chris Sanders and Richard Chang)

((mail to: Raphael.Satter@thomsonreuters.com))