Shopify, an e-commerce company, and Ledger, a crypto hardware wallet maker, face a class-action lawsuit in the United States over a huge data breach that occurred last year. The Class action lawsuit has been filed with North California court by former consumers John Chu and Edward Baton, who seek losses covering the massive data breach. The Plaintiffs claimed that the firms carelessly permitted, heedlessly overlooked, and then intentionally attempted to cover up the data breach.
In April and June 2020, rogue employees at Shopify, Ledger’s e-commerce associate, exploited database vulnerability. This enabled the hackers to obtain illegal entrance to Ledger clients’ data. It involves full names, phone numbers, email, and shipping addresses. Moreover, the rogue employees sold the data on the dark web. By early December 2020, reports proceeded to increase regarding phishing attempts on hardware wallet users.
Lawsuit Alleges Ledger did not Inform about the Attack.
Then on Dec. 21, 2020, a hacker published the data on a website named RaidForums for anyone to view freely. Due to the phishing attacks that happened, plaintiff Chu lost approximately 4.2 BTC and 11 ETH, worth about $267,000. Meanwhile, Baton lost nearly 150,000 XLM. Several of the victims even began getting threats of home invasion and other scare tactics from perpetrators. The lawsuit claims that Ledger failed to inform concerned consumers and admit to the breach’s extensive scope in time. The plaintiffs now demand damages for their lost funds.
However, it still needs to be proven whether Ledger knew about the hack’s scope and intentionally decided not to notify its users. Ledger unveiled data about the breach in July 2020, which disclosed that approximately 9500 users were attacked. In a January 2021 blog post from Ledger, the company confirmed disparaging the breach. If Ledger’s account is accurate, it was not until hackers issued all 270,000 entries that the company realized the true extent of the breach was more significant than it believed.
Ledger also provided a 10 BTC bounty fund for data leading to the hackers’ successful arrest and prosecution. Ledger trades hardware wallets, which are physical storage tools that let you keep crypto offline; the plan is that they’re less exposed to attacks than crypto collected on the internet. Further, the suit does not designate the amount of damages sought for the class action, although it recognizes the matter as worth over $5 million.