- E-commerce platform Shopify and hardware wallet maker Ledger are facing a major legal hurdle as a group of Ledger users filed a class-action lawsuit over their failure to prevent a massive data breach in 2020.
- Cryptocurrency hardware wallet provider Trezor launched an investigation into a potential data breach that could have compromised customers’ email addresses and other users’ personal information.
E-commerce giant Shopify, which also sells cold cryptocurrency wallets, is facing a lawsuit from Ledger users. Cold wallets are physical devices that help increase the security of storing crypto assets. The suit was filed in U.S. District Court in Delaware on April 1 and alleges that Shopify “repeatedly and seriously failed to protect the identity of its customers.”
Also Read: Nuvei Partners with Ledger to Offer Direct Crypto On-Ramp for Millions of Users
Details of the lawsuit
Shopify and its third-party data consultant TaskUS are fully responsible for the leakage of users’ personal data (PII). According to the plaintiffs, Shopify and TaskUS knew about the leak and hid this information for a week.
At the moment, the prosecution is demanding disclosure of the type of data loss and financial compensation for physical and moral damages. The complaint stated:
Despite the repeated promises and worldwide advertising campaign touting unmatched security for its customers, Ledger—and its data processing vendors, Shopify and TaskUs—repeatedly and profoundly failed to protect its customers’ identities, causing targeted attacks on thousands of customers’ crypto-assets and causing Class members to receive far less security than they thought they had purchased with their Ledger Wallets.
Ledger reportedly initially denied leaking customers’ personal data, but soon admitted to compromising PII. Ledger used Shopify to launch its online store. As a result of this symbiosis, TaskUS and Shopify gained access to Ledger customers’ personal information.
Hackers were reportedly able to steal personal information from about 272,000 Ledger customers, and more than a million email addresses of Ledger newsletter subscribers, resulting in a global phishing campaign.
Trezor is investigating a massive data breach
Another manufacturer of cold wallets has been linked to allegations of leaking customers’ personal data. The Trezor hardware wallet team reported a leak of customers’ personal data on the side of the MailChimp platform, through which the company conducts marketing newsletters. Attackers used user information in a phishing attack. Trezor customers received an e-mail requiring them to update their devices’ software. The emails came from Trezor.us (while the official domain of trezor.io). Trezor representatives wrote;
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.
Trezor refused to send marketing emails until the situation was resolved. Users were advised not to open emails supposedly sent on behalf of the company.
We will not be communicating by newsletter until the situation is resolved.
Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity. 2/— Trezor (@Trezor) April 3, 2022