A new class-action lawsuit has been filed against e-commerce platform Shopify and crypto wallet platform Ledger. The lawsuit filed surrounds breach of customer data.
Shopify and Ledger are facing a lawsuit over customer data breach, which occurred last year. The security breach is alleged to cause many users to fall victim to phishing attempts disguised as Ledger’s emails. The class-action lawsuit against Shopify and Ledger seeks compensation to users who lost funds due to the phishing attempts. The data breach led to a leak of personal data of over 270,000 users.
Details of the case
The plaintiffs, in this case, are John Chu and Edward Baton, who seek compensation for the losses they accrued as a result of the data breach. The case has been presented at a court in North California. According to the plaintiffs, their losses were not caused by vulnerabilities in the Ledger wallets. It happened after their data was leaked after the security breach, leading to phishing attacks.
In July last year, Ledger suffered a significant breach of the customer’s database. The breach happened during the summer, where Shopify employees facilitated the exploited vulnerability on Ledger’s database. In a blog post published by Ledger in January, the company stated that the exposure enabled hackers to access their clients’ data.
Some of the information that they were able to retrieve includes email addresses, phone numbers, shipping addresses, and more. Some of the data was sold to other hackers on the dark web, while other hackers posted it free on hacking forums.
As a result of the hack, one of the plaintiffs, John Chu, lost 4.2 BTC and 11 ETH that had a combined value of $267,000 at the time. The second plaintiff lost 150,000 XLM tokens. The plaintiffs stated that Ledger did not take full accountability for the breach, and they were not transparent about it.
For this reason, the plaintiffs are seeking compensation for the losses they suffered. The lawsuit stated that Ledger’s attempt to hide the breach’s full scope caused considerable damages to their customers. The legal document adds that if Ledger had taken responsibility for the breach early enough, the extent of damage could have been lower.
At the moment, it is not clear as to whether Ledger understood the full impact of the attack after it happened. However, in a January blog post, the company admitted that they had downplayed the damage the security breach had caused.
Ledger states that they understood the full scope of the damage after the details of 270,000 customer accounts were published and sold on hacking platforms.