Customers of the cryptocurrency wallet provider Ledger are suing over a massive data breach.
The initial complaint, filed with the US District Court for the Northern District of California, alleges that Ledger and Shopify (an e-commerce platform that’s partnered with Ledger) “negligently allowed, recklessly ignored, and then intentionally sought to cover up” the breach. Any damages awarded to the plaintiffs would be determined at trial, should the lawsuit get that far.
Ledger sells hardware wallets, which are physical storage devices that let you hold crypto offline; the idea is that they’re less vulnerable to attacks than crypto stored on the internet.
Last July, the company announced that hackers had acquired 1 million customer emails from its servers, along with a list of associated email addresses. No funds were stolen, but users say that the exposed list of customer identities is potentially just as bad.
“To the world of hackers, Ledger’s customer list is gold,” explains the complaint. “It is a list of people who have converted substantial wealth into anonymized crypto-assets that are transferable without a trace. Using that list, hackers can manipulate or compel those owners to make untraceable and irreversible transfers of the crypto-assets into the hackers’ accounts. The stakes of security for crypto-assets are thus enormous.”
Representatives for Ledger did not immediately respond to Decrypt‘s request for comment regarding this lawsuit. In an interview with Decrypt last year, Ledger CEO Pascal Gauthier said he didn’t plan to compensate customers in the wake of the hack.
“When you have a data breach of this magnitude for such a small company, we won’t reimburse for a million users, all the devices, that’s just not possible,” he said at the time. “It would just kill the company.”
If customers get their way, Gauthier may not have a choice.
Author: Will Gottsegen