Ledger Wallet And Shopify Face Class-Action Suit After Rogue Employee Leaks User Data
Crypto wallet provider Ledger and its e-commerce partner Shopify are in for a tough year.
Both firms are defendants of a class-action lawsuit filed against them following the aftermath of a phishing attack that saw a quarter-million of their customers' details exposed online.
The lawsuit, which is the first of many, was filed by law firm Roche Freedman for John Chu and Edward Baton in California on April 6.
Shopify’s Employee Stole Customer Details
According to the 43-page document, the complaints allege that the defendants had been negligent in their duties of safeguarding customer's personal details between April and June 2020.
The plaintiffs also ask for commensurate compensation for the damages incurred from the data breach and have asked the court to grant all relief allowed by law, including injunctive relief.
According to John Chu, he saw BTC and ETH worth over $267,000 stolen from his digital wallet, and Baton said that he lost $75,000 worth of XLM through phishing scams.
The duo claims to have been deceived by correspondence from the defendants.
Ledger and Shopify later identified the leak's source as one of Shopify’s employees who shared full customer names, email, phone numbers, and shipping address on the database sharing website RaidForums. Following this, customers said they got strange calls and were threatened by unknown persons.
Ledger CEO Pascal Gauthier tweeted to reassure customers of the safety of their funds. He also assured that no hardware wallet was affected by the attacks.
Even though it's been almost a year, the plaintiffs insist that the companies failed to notify affected customers or admit the full scope of the breach.
Speaking to The Block, Kyle Roche said the investigation had begun since the news of the breach became public knowledge. He said experts in the data security and cryptocurrency fields were consulted before any action was taken against the defendants.
In a July 2020 blog post, Ledger tried unsuccessfully to explain the breach admitting that only 9,500 users were affected by the attacks.
It published another blog post in the opening weeks of 2021, notifying customers about the changes they will be initiated in a bid to protect client's data better. The cold storage wallet provider also admitted that its earlier number of affected customers was way off and said that the culprit leaked roughly 272,000 customer data.
It said it was creating a 10 BTC bounty fund for information that could lead to the culprits' arrest.
Roche Freedman Is Crypto’s Bane
Even as the adoption of crypto has grown in a little over a year, many issues have cropped up. One of the most prevalent being malicious attacks that led to losses of digital assets by crypto owners.
US law firm Roche Freedman has been quite active in the past year as cases of retail investors seeing their crypto assets stolen due to the negligence of their service provider have grown.
In a report by investigative outlet OffshoreAlert, Roche Freedman filed 11 class-action lawsuits against 42 defendants. According to the filing, the listed parties were said to have allowed the investing public to trade unregulated cryptocurrencies.
The affected parties included popular exchanges like Binance, TRON, KuCoin, BitMEX, and others. Their company chiefs were not left out, with Binance founder Changpeng Zhao (CZ), Brendan Blumer, Dan Larimer, Vinny Lingham, and BitMEX co-founder and former CEO Arthur Hayes made the list.