Search...

Ledger Reveals 3 Month Policy for Keeping Buyer Info; 2,000 New Users Affected in Data Breach

This time the information was leaked by the hardware wallet’s e-commerce provider Shopify’s rogue employees. But “these attacks have only strengthened our resolve to build and release products that keep you and your crypto safe,” says Ledger.

Hardware wallet Ledger, which is meant to “provide security to critical digital assets for consumers & institutional investors,” keeps leaking information about its customers.

After the last data breach affected 272,000 customers, yet another one has leaked the customer records of additional 20,000 Ledger customers.

On Wednesday, Ledger informed the crypto community that in an incident in the first half of 2020 (April and June), its e-commerce provider Shopify’s team members illegally exported merchants’ customer databases.

Shopify alerted Ledger about this incident on December 23rd, in which 93% of the information obtained was similar to the previous data dump, 7% of the customer records breached were new.

Reportedly, this incident affected over 200 merchants of Shopify, but the e-commerce giant didn’t discover that Ledger was also targeted in this attack until Dec. 21st, 2020.

As for why Ledger would keep the information, the company says, “our goal is to completely delete your personal data (such as your name, address, and phone number) as soon as possible.”

However, the company stores e-commerce information for “accounting and legal obligations,” in a segregated environment — “separate, dedicated, and encrypted storage inaccessible from the internet or external devices, with limited access rights” — for “as short a period of time as necessary” which is 3 months after the order is shipped.

The company has already contacted the concerned users directly to inform them about this incident.

“We are dedicated to taking action against this incident,” wrote Ledger while advising users to never share a 24-word recovery phrase.

If a user purchased a Ledger product after the end of June 2020 or outside of the Ledger.com site, their data is not exposed.

“We are deeply sorry that these incidents occurred and for any pain or stress they’ve caused our customers,” reads the official announcement in which the company says it will

“soon release a technical solution that will remove the 24 words as the single pillar of the security of our hardware wallets and will open the door to funds insurance for individual customers.”

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter
AnTy

    AnTy has been involved in the crypto space full-time for over two years now. Before her blockchain beginnings, she worked with the NGO, Doctor Without Borders as a fundraiser and since then exploring, reading, and creating for different industry segments.

    Add comment

    E-mail is already registered on the site. Please use the Login form or enter another.

    You entered an incorrect username or password

    Sorry, you must be logged in to post a comment.
    Sign Up Sign In
    Sign Up

    Sign In
    Forgot Your Password?
    Forgot
    Your Password?

    Password reset instructions will be
    sent to your E-mail
    Back to Sign In
    Set password
    Error: this field is requeired
    Error: this field is requeired

    Back to Sign In
    Bitcoin Exchange Guide