According to legal documents republished on Scribd, law firm Roche Freedman has filed a formal complaint against Ledger and Shopify on April 6 on behalf of two lead plaintiffs.
Ledger suffered a number of data breaches in 2020 and one was linked to e-commerce platform, Shopify, which hosts the company’s stores and products.
Ledger admitted responsibility for the Shopify incident in which a rogue employee leaked personal details of 20,000 customers in December 2020. This breach was in addition to one in the summer of the same year that resulted in the details of 292,000 Ledger customers being leaked online.
The class action on behalf of plaintiffs John Chu and Edward Baton opens with:
“Plaintiffs seek redress for the substantial, Class-wide damages that Ledger’s and Shopify’s misconduct caused in connection with a massive 2020 data breach that those companies negligently allowed, recklessly ignored, and then intentionally sought to cover up”
Ledger Still Maintains Security, Lawyers Look For Holes
The firm has stuck by its claim that the devices are still 100% secure but its customers have been singing a different tune. Ledger general counsel Antoine Thibault simply said that “Ledger does not comment on ongoing legal issues,”
Speaking to The Block, partner of the law firm Kyle Roche stated:
“We’ve been investigating this since the day it became public. This investigation included speaking with experts in the data security and cryptocurrency fields,”
The suit does not specify the amount of compensation sought for the class action, but it does identify the matter as being worth over $5 million. The documents reference just two Ledger users who together lost 4.2 BTC, 11 ETH and 150,000 XLM to phishing attacks.
There are likely to be thousands of others out there.
Customers Left in The Lurch
Following the massive data breach, Ledger customers took to crypto and social media to vent their anger at the company which offered no recompense whatsoever and largely blamed users for sloppy security on their part.
Ledger customers had reported everything from outright crypto theft from the devices to threats of physical abuse, home invasions, and even murder.
Hackers and scammers went on a spam and phishing frenzy armed with a Ledger customer database full of personal info that included email addresses, phone numbers, and physical addresses.