- Ledger data breaches have tarnished the company‘s credibility.
- The 2020 crypto data hacks exposed users to loss and harm.
- French regulators finally fine Ledger over security breaches.
Ledger, known for its user-friendly and secure hardware wallets, has long been a key player in the crypto wallet space. However, its reputation took a hit in 2020 when two significant data breaches exposed users’ personal information online.
More than four years after the first breach, Franceโs data watchdog, the National Commission for Informatics and Freedoms (CNIL), has fined Ledger, marking a significant development in the saga.
Crypto Data Hack Catches Up to Ledger
Ledger suffered two major data breaches in 2020, which had significant consequences for its users. More than four years on, the CNIL has fined the crypto wallet maker โฌ750,000 ($810,000) for its failure to protect user data, according to Le Monde.
Sponsored
The data watchdog stated that the fine was imposed after it received around 50 complaints from Ledger customers in France and other European countries.
Although no details were given on when the complaints were filed, the CNIL advised affected users that they could pursue compensation through the appropriate courts.
Ledger Boss Apologizes
The July 2020 data breach exposed the personal information of 270,000 Ledger customers, including email addresses, names, phone numbers, and physical addresses, which were later posted on hacking forums like Raidforum.
The breach stemmed from unauthorized access to Ledger’s e-commerce and marketing database via a third-party API integrated into its website.
At the time, Ledger CEO Pascal Gauthier issued a public apology, assuring customers that the breach did not compromise the security of its hardware wallets. He emphasized that only the companyโs e-commerce systems were affected, not the wallets themselves.
Despite Gauthier’s reassurances, the leaked personal information left many users vulnerable to phishing attacks, blackmail, and even threats of home invasion. For those impacted, the apology did little to alleviate concerns about their privacy and safety.
Bad to Worse
Ledger disclosed a second data breach in January 2021, revealing that it had been informed by e-commerce partner Shopify of a security incident in December 2020.
According to Ledger, “rogue member(s)” of Shopify’s support team had stolen data from 200 merchants, including Ledger, in April and June 2020. However, the company stressed that it was unaware of this second breach until December 2020.
A class action lawsuit naming Ledger and Shopify as defendants was dismissed by a Californian court in November 2021. The court cited a lack of jurisdiction since Ledger is based in France and Shopify in Canada.
On the Flipside
- The exploitation of a Ledger employee‘s computer resulted in a $600k DeFi hack in December 2023.
- Ledger‘s security failures highlight the dangers of handing KYC and AML information to centralized parties.
- The relatively small data breach fine does not reflect the social cost paid by users.
Why This Matters
Despite the time elapsed since Ledger’s 2020/21 data disasters, the CNIL’s comments suggest the door isn’t closed for victims seeking justice through legal channels.
Hackers exploit EigenLayerโs socials.
EigenLayer X Account Hacked to Promote Fake Airdrop: Hereโs What We Know
Rumors of Binance listing Cardano Native Tokens prove unfounded.
Cardano Summit Crushes Hopes for Binance Listing
