See More

Shopify Security Breach Exposes More Ledger Customers’ Sensitive Data

2 mins
Updated by Ryan Smith
Join our Trading Community on Telegram

In Brief

  • A Shopify data leak has exposed another 20,000 Ledger customers' personal data.
  • The incident comes just weeks after hackers exposed the sensitive information of around 270,000 Ledger customers.
  • The firm's users have been the target of phishing and extortion attempts since the initial leak last summer.
  • promo

A previous security breach at the e-commerce firm Shopify has exposed sensitive data belonging to customers of around 200 of its merchants.

Among those impacted are customers of the cryptocurrency hardware wallet manufacturer, Ledger. The incident is the second time Ledger customers have potentially had personal information exposed in recent memory.

Although most of the data is the same as that from Ledger’s own security breach last year, those behind the Shopify leak have secured an additional 20,000 customer records.

Another 20,000 Ledger Customers at Risk

As BeInCrypto reported last year, a massive data leak at cryptocurrency hardware manufacturer Ledger saw the personal information of around 270,000 customers stolen. In December, the data found its way onto a public online forum.

Ledger initially downplayed the breach, stating that the June incident impacted only 9,500 users. However, the public release of the data showed otherwise.

With full names, home addresses, and emails leaked, reports of phishing attempts have since emerged. Some users even reported extortion attempts involving death threats.

Already a growing trend in crypto’s bad books, Ledger disclosed yet another breach on Wednesday. In a company blog post, the firm revealed that it was among the merchants impacted by a security incident at the multinational e-commerce firm Shopify.

According to a post on Shopify’s website detailing the September 2020 incident, two ‘rogue members’ of the company’s support team stole transactional records from around 200 merchants.

The Shopify incident first came to light on Sept. 22, but the now-fired staff ‘illegally exported’ data in April and June. However, Ledger claims to have only learned about the leak involving its customers on Dec. 23.

Shopify is reportedly working with the FBI and other international law enforcement agencies to investigate the incident. Meanwhile, Ledger has reported the Shopify incident to the French Data Protection Authority and informed those additional users impacted earlier Wednesday.

Changes to Customer Data Storage

As part of Ledger’s more recent disclosure, the company has announced changes to the way it will handle customer data in the future. It claims it is now committed to storing personal information for the least time possible.

Additionally, the French hardware wallet manufacturer says it will delete sensitive data from order confirmation emails to avoid future information leaks via e-commerce providers. The company also says it will add a messaging protocol to Ledger Live, reducing the dependence on email communication with customers.

As well as pledging to continue working with global law enforcement, the firm announced the hiring of additional private investigators and the creation of a 10 BTC reward purse for information leading to the arrest and prosecution of those responsible.

Although repeating that the leak had not affected customers’ devices, many impacted users were understandably upset. Some stated that it is completely unacceptable for an apparent security company to leave customer data vulnerable in the first place:

Top crypto platforms in the US | April 2024
Coinbase Coinbase Explore →
AlgosOne AlgosOne Explore →
Chain GPT Chain GPT Explore →
iTrustCapital iTrustCapital Explore →

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

c8d670c5ace3fefdd9c2b09519d3b3c7?s=120&d=mm&r=g
A former professional gambler, Rick first found Bitcoin in 2013 whilst researching alternative payment methods to use at online casinos. After transitioning to writing full-time in 2016, he put a growing passion for Bitcoin to work for him. He has since written for a number of digital asset publications.
READ FULL BIO
Sponsored
Sponsored