Ledger and Shopify Face Class Action Over Data Breach

Key Takeaways

  • A lawsuit has been filed against hardware wallet provider Ledger and its e-commerce partner Shopify over a data breach.
  • In 2020, rogue employees at Shopify exploited a database vulnerability in order to gain access to Ledger’s client list.
  • The lawsuit alleges that Ledger failed to notify customers or admit to the full scope of the breach in a timely manner.

Hardware wallet firm Ledger and its e-commerce partner Shopify have been hit by a class-action lawsuit over a 2020 data breach that leaked the personal data of 270,000 customers.

Plaintiffs Lost Funds In Phishing Attacks

The legal complaint has been brought to a North California court by former Ledger customers John Chu and Edward Baton, who are seeking damages over the massive data breach.

The plaintiffs do not claim that the breach affected Ledger’s hardware wallets. Rather, they claim several users lost their crypto in phishing attacks between April and June 2020. During that time, rogue employees at Shopify exploited a database vulnerability that allowed them to gain illegitimate access to Ledger clients’ personal data.

The data was reportedly sold on the dark web and used for phishing campaigns against Ledger customers. Later, on Dec. 21, 2020, a hacker posted the data on a website called RaidForums for anyone to freely access. Personal information that was leaked included full names, email, phone numbers, and shipping addresses.



Due to the phishing attacks, Chu lost about 4.2 BTC and 11 ETH, worth about $267,000 at the time of the complaint. Baton, meanwhile, lost about 150,000 XLM.

Did Ledger Notify Clients In Time?

The lawsuit alleges that Ledger failed to notify affected customers and admit to the full scope of the breach in time. The plaintiffs now seek damages for their lost funds.

“Ledger’s efforts to cover up and downplay the actual and potential scale of the breach in the months leading up to its widespread public disclosure caused disastrous harm to its customers,” the legal document reads. “During that time, many crypto-asset investors lost massive sums of money.”

“Had Ledger acted responsibly during this period, much of that loss could have been avoided,” the document continues.



It is not yet proven whether Ledger knew about the hack’s scope and willfully chose not to inform its users. Ledger released information about the breach initially in July 2020, which revealed that about 9500 users were affected.

In a January 2021 blog post from Ledger, the company admitted to underestimating the breach. If Ledger’s account is correct, it was not until hackers published all 270,000 entries that the company understood the true extent of the breach was larger than it believed.

Disclaimer: The author did not hold anu cryptocurrency mentioned in this article at the time of press.


The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Source: Read Full Article