Hardware wallet Ledger suffered a breach of one million customer emails
France based hardware wallet firm Ledger said today that it suffered a data breach of its marketing and e-commerce database, resulting in the exposure of customer information including the emails of approximately 1 million email addresses, on June 25.
However, all financial information—such as payment information, passwords, and funds—was similarly unaffected. The breach was unrelated to Ledger’s hardware wallets or its Ledger Live security product, the company added.
We review the Ledger Nano S to see if it deserves to be one of the top ranking crypto hardware wallets.
“Solely contact and order details were involved. This is mostly the email address of approximately 1mln of our customers. Further to the investigation, we have also been able to establish that a subset of them was also exposed: first and last name, postal address phone number, and product(s) ordered,” said Ledger in its announcement.
Two days after the researcher exposed the vulnerability, Ledger filed a report with France’s Data Protection Authority, the CNIL, and by July 21, it had partnered with Orange Cyberdefense (OCD) to assess the potential damages and further identify breaches.
On the 17th of July, we notified the CNIL, the French Data Protection Authority which ensures that data privacy law is applied to the collection, storage, and use of personal data. On the 21st of July, we partnered with Orange Cyberdefense to assess the potential damages of the data breach and identify potential data breaches, the company’s blog said.
After a thorough investigation by our security team and Orange Cyberdefense, we can conclude the ecommerce and marketing database has been breached. By the time of this posting, all affected customers will have received an email with this update, the blog added.
The firm is also working with the Orange Cyberdefense (OCD) to find any evidence of the stolen data being sold online. The OCD filed an initial report on July 24, but the investigation by CNIL is still ongoing.