Ledger and Shopify have been hit by a class action lawsuit for a major data breach that resulted in the personal data of 270,000 hard wallet customers being stolen between April and June 2020,
On April 6, phishing scam victims John Chu and Edward Baton filed a lawsuit in California against the crypto wallet provider and its e-commerce partner Shopify.
The plaintiffs alleged that the companies “negligently authorized, carelessly ignored, then intentionally sought to cover up” the data breach. The data was stolen when rogue Shopify employees accessed the company’s e-commerce and marketing database for Ledger, with hackers then selling the data on the dark web.
“If Ledger had acted responsibly during this time, much of this loss could have been avoided,” they say.
The couple are seeking redress for the damage caused by the violation, seeking “all remedies permitted by law, including an injunction.” Chu lost $ 267,000 in BTC and ETH, and Baton lost $ 75,000 in XLM in phishing scams that spoofed business correspondence.
The data, covering full names, emails, phone numbers and shipping addresses, was finally published on the RaidForums website at the end of December. The lawsuit in particular accuses Ledger of not having “individually notified each customer concerned or admit the full extent of the violation.”
“Ledgers and Shopify’s misconduct have made Ledger customers targets, their identities being known or accessible to hackers around the world. Ledger’s persistent deficient response compounded the harm. By failing to notify each affected customer individually or to admit the full extent of the violation. “
While it has not yet been proven whether the company initially knew the full scope, it published a blog post in July 2020 indicating that 9,500 users had their data leaked at the time.
Ledger fully acknowledged the data breach on January 13, in a blog post confirming that access to their user database was the result of the Shopify hack, while announcing changes to the way they stored data, communicated with customers and also offered a 10 BTC. bounty fund for information leading to the arrest and prosecution of hackers.