In yet another somewhat disappointing turn of events for Ledger users, the company has just revealed that they’ve discovered that the customer records for 20,000 ‘new’ users has been leaked during an incident with Shopify from back in the summer of 2020.
- In its most recent update, the cryptocurrency hardware wallet manufacturer Ledger revealed that 20,000 users, aside from 93% of those whose information was exposed in a previous attack, have seen their records leaked.
Recently, we shared news of a data dump. On December 23, we were alerted by our e-commerce provider Shopify about an incident in April & June ’20 where their rogue team members exported merchants’ customer databases. Ledger was included. More details: https://t.co/NHU3IbDL0a pic.twitter.com/DHQQ9arxCu
— Ledger (@Ledger) January 13, 2021
- The statement reads that back on December 23rd, Ledger has received information from its e-commerce service provider Shopify regarding an incident involving merchant data “in which rogue members of their support team obtained transactional records, including Ledger’s.”
- These records include email, name, postal address, products ordered, and phone number.
- The statement also makes it clear that until December 21st, 2020, Shopify hadn’t discovered that Ledger was also a target in the attack.
- The total number of affected customers is about 292,000.
- As CryptoPotato reported back in December, Ledger saw its database dumped online by a user who posted screenshots of files that have been uploaded to forums purportedly contacting the “entire database” of Ledger customer’s emails, phone numbers, and addresses.
- Now, Ledger reveals that regarding the Shopify breach, the investigation is ongoing, and they would continue to provide updates as they unfold. They’ve also contacted all the affected users via email today, January 13th, as well as the French Data Protection Authority back on December 26th, 2020. The company is also working with forensics experts.