Shopify facing another lawsuit from crypto holders over Ledger data breach

Published at: April 5, 2022

Global e-commerce platform Shopify and hardware wallet maker Ledger face a major legal hurdle as a group of Ledger users have filed a class-action lawsuit for its part in failing to prevent a massive data breach in 2020.

The suit was filed in the U.S. District Court of Delaware on Apr. 1 and alleges that Shopify “repeatedly and profoundly failed to protect its customers’ identities.”

Shopify and its third-party data consultant TaskUs are being held responsible by complainants for leaking personally identifiable information (PII) of Ledger buyers despite marketing promises assuring the full security of the Shopify platform.

The plaintiffs claim Shopify and TaskUs were aware of the data breach for over a week before notifying customers. They are asking for the exact type of information leaked to be disclosed by Ledger and Shopify and for a monetary reward that covers actual and punitive damages.

France-based Ledger is also included as a defendant in the case for its marketing claims promising customer security. The complaint states that Ledger “initially denied that any compromise of PII had occurred,” but later had to backtrack and refer to the leak and to Shopify in an email notification. The complaint stated:

"Despite the repeated promises and worldwide advertising campaign touting unmatched security for its customers, Ledger—and its data processing vendors, Shopify and TaskUs—repeatedly and profoundly failed to protect its customers’ identities, causing targeted attacks on thousands of customers’ crypto-assets and causing Class members to receive far less security than they thought they had purchased with their Ledger Wallets."

Hardware wallets, otherwise known as cold wallets, are physical devices that provide crypto users with added security for their private keys and seed phrases. They are marketed to be more secure than hot wallets.

As the complaint alleges, Ledger used Shopify to run its website’s online store. As a result of that relationship, Shopify had direct access to the PII of customers on Ledger’s database. Shopify uses TaskUs to provide customer support services, and therefore it also had access to Ledger’s customer data.

Hackers made off with personal information from about 272,000 Ledger users and over 1 million email subscribers to Ledger’s newsletter in 2020. A massive phishing and intimidation campaign targeting Ledger owners followed resulting in some victims losing crypto assets.

Related: Ledger partners with The Sandbox to promote crypto education in the metaverse

This is not the first class-action suit filed against both Ledger and Shopify regarding the data breach. In April 2021, a different group of complainants filed suit in California. That complaint made allegations similar to the recent Delaware filing that Shopify and Ledger “negligently allowed, recklessly ignored, and then intentionally sought to cover up.”

On April 2, hardware wallet maker Trezor was the subject of a phishing attack that targeted its users through the MailChimp marketing service provider. On April 3, Trezor confirmed in a tweet that there had been a data breach. The company warned users that it would stop communicating via the newsletter, and had shut down three of its domains.

Tags
Business
Hardware Wallet
Ledger
Related Posts
Scammers mail out fake hardware wallets to victims of Ledger data breach
The consequences of Ledger’s major data breach continue to be felt almost a year later. One contributor to the r/Ledgerwallet forum on Reddit, writing under the tag u/jjrand and self-identified as one of those affected by the breach, has posted images of what appears to be a fake Ledger Nano X wallet received in the mail. Wrapped in seemingly authentic packaging, the device nonetheless included several tell-tale signs that sparked the contributor’s suspicion. Most jarringly, the package came together with a poorly written letter claiming to be signed by Ledger CEO Pascal Gauthier, telling its recipient: “For security purposes we …
Business / June 17, 2021
Former digital head at luxury brand group LVMH takes role at Ledger
The revolving door between traditional finance and the crypto space is well established. Now, executives from the luxury goods sector appear to be following in their steps. Ian Rogers, formerly the chief digital officer at LMVH, is taking on a new role as “chief experience officer” at Ledger, the well-known French crypto hardware and software maker. LMVH was formed in 1987 from the merger of high fashion house Louis Vuitton and Moët Hennessy, which itself formed from a merger of champagne maker Moët & Chandon and cognac producer Hennessey, back in 1971. The newly-created role of chief experience officer involves …
Business / Nov. 30, 2020
Ledger partners with The Sandbox to promote crypto education in metaverse
The cryptocurrency hardware wallet provider Ledger has partnered with The Sandbox blockchain game to promote crypto education in its virtual world. Ledger’s chief experience officer Ian Rogers announced the news at the Non-Fungible Conference (NFC) on Monday. He said that the new partnership aims to bring security into The Sandbox’s world and also provide Ledger with a place in The Sandbox (SAND) to educate people about crypto. Rogers thanked The Sandbox and the company’s co-founder and chief operations officer Sebastien Borget for this opportunity, noting that Ledger will provide SAND owners with custom Ledger Nanos as part of the partnership. …
Adoption / April 4, 2022
Ledger hardware wallets hit by the FTX earthquake, CTO says
Hardware-based cryptocurrency wallet provider Ledger has experienced some issues due to massive outflows from crypto exchanges amid the FTX bloodbath, according to its chief technology officer. Ledger saw a “massive usage” of their platforms and suffered a “few scalability challenges” on Nov. 9, Ledger CTO Charles Guillemet reported in a statement on Twitter. Guillemet reasoned Ledger’s issues by the outcomes of the ongoing crisis of a major global cryptocurrency exchange, FTX. The CTO said that crypto investors have been increasingly offloading their holdings from crypto exchanges to Ledger, stating: “ After the FTX earthquake, there's a massive outflow from exchanges …
Bitcoin / Nov. 10, 2022
‘Father of the iPod’ helps Ledger create new cold crypto wallet
Hardware wallet provider Ledger, known for its cold-storage devices, announced its seventh crypto wallet in collaboration with the creator of the original iPod. Tony Fadell, the inventor of the iconic iPod Classic model, has partnered with Ledger to help the company design its latest wallet device known as Ledger Stax. The company broke the news on Dec. 6 at Ledger’s bi-annual Web3 developer event, Ledger Op3n, in Paris. Ledger’s upcoming new hardware wallet is a credit card-size device that features a large E Ink display, capacitive touch, Bluetooth support, wireless charging and more. For the first time in Ledger's product …
Bitcoin / Dec. 6, 2022