On April 1, plaintiffs filed a case against Ledger, a crypto hardware wallet provider and e-commerce website Shopify in the United District Court of Delaware for a massive data breach.
As per the lawsuit submission, Shopify “repeatedly and profoundly failed to protect its customers’ identities” in a massive data breach attack in 2020. The Plaintiffs claimed that the platform was aware of the data breach a week ago.
The allegation charged Shopify and its data consultant TaskUs claiming that the platform leaked confidential personally identifiable information (PII) of Ledger wallet holders and failed to keep promises to ensure the security of users’ data on Shopify.
After the data breach was highlighted by the users, Ledger referred to the leak and to Shopify in an email notification. The complaint stated:
“Despite the repeated promises and worldwide advertising campaign touting unmatched security for its customers, Ledger—and its data processing vendors, Shopify and TaskUs—repeatedly and profoundly failed to protect its customers’ identities, causing targeted attacks on thousands of customers’ crypto-assets and causing Class members to receive far less security than they thought they had purchased with their Ledger Wallets.”
The plaintiffs are demanding clarification on the type of information leaked by Shopify and Ledger as well as a compensation that covers punitive damages, actual damage, and attorney’s fees and costs.
Ledger leverages Shopify to operate its website’s online store and so shares details with it. This means Shopify had direct access to the PII of Ledger customers from the database. As Shopify consults TaskUs for data security and customer support, it had also enabled access to Ledger’s customer data.
Crypto hardware service provider Ledger is also a defendant in the suit because of the ramification of the marketing promise made by the firm while selling the wallets. The plaintiffs claimed that Ledger “initially denied that any compromise of PII had occurred” and later took a U-turn from their stand.
This is not the first time when a crypto wallet service provider falls into a data breaching controversy. Recently, Trezor, another hardware wallet provider, launched a probe for data breaching after numerous users on Twitter complained about phishing attacks.
