Ledger discovers new security breach

Getting your Trinity Audio player ready...

Today, Ledger disclosed that 20,000 new customer records were leaked and are now out in the wild. 

Ledger claims that they were unaware of the 20,000 additional customer records until it was brought to their attention by Shopify on December 23. According to Shopify, “rogue member(s) of their support team obtained customer transactional records, including Ledger’s. The agent(s) illegally exported customer transactional records in April and June 2020.” 

This incident brings the total amount of Ledger customer records that are potentially in the hands of hackers up to 292,000. 

Understating the damage

This is not the first time that Ledger understated the effects of a security breach. In July 2020, it was revealed that Ledger had suffered a security breach in June that led to the theft of 1 million customer email addresses and other identification information. At the time, Ledger believed that only 9,500 customers had their email addresses, as well as their first and last name, postal address, phone number, and information regarding their ordered products stolen. However, In December 2020, it was revealed that 272,000 customer’s first and last names, postal addresses, and phone numbers were stolen during the data breach.

How did Ledger find this out? Because the customer’s personal identification information was published on RaidForums, a marketplace for buying, selling, and sharing hacked information. 

The aftermath

Since the original breach occurred and customer data was published on RaidForums, Ledger customers have been the victim of phishing attacks and have received threats from hackers via phone and email.

The security breach has caused many people in the digital currency community to distrust Ledger given how easy it was for the data to be stolen and how irresponsible Ledger was when it came to addressing the breach and the damage it caused.

If you are the owner of a Ledger hard wallet be on the lookout for scams.