Cryptocurrency hardware wallet maker Ledger has revealed details of the personal data breach of 292,000 customers and an update to its privacy policy.
According to an article in the Ledger blog, the company intends to update its data privacy policy to minimize future damage from the leaked personal data of customers last year. The data breach started back in April 2020 and affected approximately 292,000 customers. As Ledger found out last month, the hack was the fault of “scammers” from Shopify’s support team that sells Ledger.
Between April and June 2020, scammers used their API access to retrieve customer transaction records. Ledger became aware of the data breach after receiving a letter from an independent researcher on July 14, 2020. The company found that about a million email addresses had been stolen, as well as about 10,000 records of sensitive data, including postal addresses, names and phone numbers.
In December 2020, Ledger discovered a data breach of 272,000 customers, and in January Shopify told Ledger that an additional 20,000 users were leaked. Clients who received phishing emails feared they could be targeted by criminals. In December, Ledger CEO Pascal Gauthier said the company would not reimburse customers whose personal data, including home addresses, were leaked.
In a blog post, Ledger stated that it “deeply regrets that these incidents happened and also sympathizes with the pain and stress they have caused for customers.” The company noted that it is working with law enforcement and blockchain analysis firms to track down the hacker. Ledger has created a 10 BTC bonus fund that will be paid out upon providing “information leading to the successful arrest and prosecution of a hacker.”
The company will also update its privacy policy. The update will aim to “completely erase” customer personal data and encourage third-party service providers to “retain this data for as short a period of time as possible”. In addition, the company isolates data that needs to be stored for a long time.
“These attacks have only strengthened our resolve to build and deliver products that keep you and your cryptocurrency safe,” reads an article on the Ledger blog.