Sunday , December 22 2024
Home / Crypto news / Ledger-Shopify Data Breach Saga Not Over Yet, Another Class Action Lawsuit Filed

Ledger-Shopify Data Breach Saga Not Over Yet, Another Class Action Lawsuit Filed

Summary:
A group of Ledger users has filed a class-action lawsuit in the United States District Court of Delaware against Global e-commerce platform Shopify, its third-party data consultant TaskUs as well as the hardware wallet maker itself. Another Lawsuit According to the official document, the plaintiffs accused Shopify and TaskUs of their “failure to exercise reasonable care in securing and safeguarding” user data connected to the 2020 data breach that affected Ledger SAS crypto wallets. The complaint read that the breach resulted in the unauthorized public release of around 272,000 pieces of personal information such as name, email ID, postal address, and telephone numbers. The plaintiffs claimed that both Shopify and TaskUs were reportedly aware of the data leak for more than

Topics:
Chayanika Deka considers the following as important: , , , ,

This could be interesting, too:

Wayne Jones writes Argentina’s Mining Sector Pioneers Lithium Tokenization by Tapping Cardano

Wayne Jones writes Chinese Auto Dealer Dives Into Bitcoin Mining With 6M Investment

Wayne Jones writes Nigeria Arrests 792 in Landmark Crypto-Romance Scam Raid

Wayne Jones writes NFT Gaming Project CyberKongz Receives Wells Notice from SEC

A group of Ledger users has filed a class-action lawsuit in the United States District Court of Delaware against Global e-commerce platform Shopify, its third-party data consultant TaskUs as well as the hardware wallet maker itself.

Another Lawsuit

According to the official document, the plaintiffs accused Shopify and TaskUs of their “failure to exercise reasonable care in securing and safeguarding” user data connected to the 2020 data breach that affected Ledger SAS crypto wallets.

The complaint read that the breach resulted in the unauthorized public release of around 272,000 pieces of personal information such as name, email ID, postal address, and telephone numbers.

The plaintiffs claimed that both Shopify and TaskUs were reportedly aware of the data leak for more than a week before notifying customers of the hack. Between April-June 2020, attackers exploited Ledger’s database via Shopify and TaskUs and obtained the list of the former’s customers’ PII. By the end of June, the victims’ data had been traded on the black market, which left them vulnerable to phishing attacks.

Ledger, which is also being accountable for repeated promises and global advertising campaigns touting its security, had initially denied the breach. By December 2020, the extent of the exploit worsened when the hacker published Ledger’s customer list online from Shopify.

Apart from phishing attacks. the victims also faced threats of physical assault and blackmail if they failed to transfer their funds to the criminals. It was then, the plaintiffs alleged, that the French hardware wallet company sent some of its customers affected by the data breach an email informing them for the first time that their PII was leaked.

The complaint also claimed that Ledger used Shopify to operate its website’s online store, due to which the latter had direct access to the personal information of users on Ledger’s database. Shopify uses TaskUs as a third-party contractor to provide customer support services and hence had access to the said customer data.

California Court Dismisses 2020 Data Breach Lawsuit

This isn’t the first time that Ledger and Shopify have been sued for a data breach that alleged several Ledger users lost their crypto assets in phishing attacks after their personal data got leaked.

However, the California court ruled in favor of Shopify and Ledger’s motion to dismiss the lawsuit in November last year. Judge Edward Chen stated that the US-based court does not have jurisdiction over the two entities since they are headquartered in Canada and France.

Earlier this week, another cryptocurrency wallet company, Trezor, confirmed that its users were targeted in MailChimp exploit. It was now investigating the email phishing campaign wherein the hackers sent fake notifications of data breaches after compromising a mailing list.

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *