Crypto Wallet Maker Ledger Loses 1M Email Addresses in Data Theft

shutterstock_715970245
29 July 2020

Ledger said customer details have been stolen in a data breach that may well have been exploited for over two months.

  • In a note to clients Wednesday, CEO Pascal Gauthier said the French hardware wallet provider fell victim to a large-scale data breach from an unauthorized third party.
  • The hacker, whose identity remains unknown, gained access to Ledger's e-commerce and marketing database.
  • Customers affected include those who signed up for Ledger's newsletter or to receive promotional material.
  • Information stolen included email addresses, with a smaller "subset" of 9,500 customers also having their full names, postal addresses and phone numbers exposed.
  • In total, the company estimates around one million email addresses have been stolen.
  • Payment information, passwords and cryptocurrency funds have not been affected.
  • The data breach was first detected as part of a bug bounty program on July 14.
  • Ledger estimates the data may have been accessed from April until the end of June.
  • A Ledger spokesperson confirmed to CoinDesk the data breach has now been fixed.
  • The wallet provider has now alerted the French authorities and is filing a complaint with the public prosecutor.
  • Ledger said it has not found customer information disseminated online nor has it received any ransom demands.

See also: Coincheck Customers Fall Victim to Data Breach After Domain Account Error