- Victims file lawsuit accusing Shopify and Ledger of negligence, losses amount to over $300,000 in Bitcoin and Ethereum.
- For more than 10 months, a phishing attack allowed a bad actor to steal data from Ledger and Shopify.
A class action lawsuit has been filed against Ledger and Shopify. Both are being sued by Edward Baton and John Chu, and other victims of an attack that resulted in the theft of the personal information of more than 270,000 users.
The lawsuit was filed on April 6 of this year, while the attack spanned for nearly a year. Initiated in the middle of last year, the attackers allegedly used a phishing scheme to steal Ledger and Shopify customer information.
With more than 500,000 active stores on its online platform, and 1 million subscribing businesses worldwide, Shopify is one of the top 3 e-commerce platforms. Similarly, Ledger is one of the most recognized wallet providers in the crypto space.
Does Ledger have security issues?
According to the document, the data was extracted by employees of the referenced platforms who used phishing scams to take fake identities. The data was then allegedly sold on the black market. The plaintiffs accuse Ledger of failing to “act responsibly” and proceeding negligently.
Plaintiffs Baton and Chu are estimated to have lost more than $300,000 in Bitcoin, Ethereum and Monero. They are therefore seeking compensation and injunctive relief. The document states:
Ledgers and Shopify’s misconduct has made targets of Ledger customers, with their identities known or available to every hacker in the world. Ledger’s persistently deficient response compounded the harm. In failing to individually notify every affected customer or admit to the full scope of the breach.
Among other allegations, the lawsuit states that Ledger and Shopify failed to inform those affected of the situation. Ledger had suffered loss of information such as the email, address, full name and other sensitive data.
On July 29, 2020, the crypto wallet service provider made a publication to address data breaches in the e-commerce and marketing sector. There, Ledger claims to have received a report of a “possible” data breach that was remediated.
The company acknowledged that a third party gained access to a portion of their database. At that time, they took the step of making the Ledger Live application the primary interface for all customers to prevent future data breaches.
Earlier this year, Ledger made another post to update their customers on the “efforts” they were taking to protect their data. For example, they made changes to the way they handled user information. The company promised not to keep any information and to delete all personal data of its customers.