Hardware wallet maker Ledger and global e-commerce platform Shopify are facing a great legal difficulty as a bunch of Ledger users have issued a class-action lawsuit since it failed to prevent the great data breach of 2020.
On April 1, the suit was filed in the U.S District Court of Delaware and accused Shopify of failing to protect the identities of its customers “repeatedly and profoundly.”
Shopify, along with TaskUs, its third-party data consultants, is being held accountable for leaking Ledger buyers’ personally identifiable information(PII) even though the extensive marketing repeatedly assured the platform’s full security.
According to the complaints, Shopify and TaskUs knew about the data breach for more than a week before they informed customers. The plaintiffs demand a monetary reward that covers all kinds of damages and the exact information which was leaked by Shopify and Ledger.
Ledger, based in France, is a defendant in the case due to its marketing claims that guaranteed the security of its customers. As per the complaint, Ledger at first even denied that any leakage of PII had even occurred. However, later the company had to refer to the leak and Shopify in an email notification.
The complaint accused Ledger of running its website’s online store using Shopify. The collaboration had provided direct access to Shopify of customers’ PII on the database of Ledger. Meanwhile, Shopify leverages TaskUs for providing customer support services and thus also has access to the data of Ledger’s customers.
Hackers stole the personal information of around 272,000 Ledger users and more than 1 million email subscribers to Ledger’s newsletter in 2020. After which, they did a huge phishing and intimidation campaign aimed at Ledger owners, which eventually resulted in many losing their digital assets.
It is also important to note here that this is not the first time that a class-action suit has been filed against both Ledger and Shopify regarding the data breach. A different bunch of plaintiffs filed a suit in California in April 2021. Interestingly, similar allegations were made in that complaint too. The complaint stated, “negligently allowed, recklessly ignored, and then intentionally sought to cover up.”
Trezor, a hardware wallet maker company, also faced a phishing attack that targeted its customers via a MailChimp marketing service provider on April 2. In a tweet on April 3, Trezor verified that a data breach activity had happened. Later, the company, in a warning, said that it would discontinue communication through the newsletter and had closed down three of its domains.
Source: https://www.thecoinrepublic.com/2022/04/05/another-lawsuit-filed-against-shopify-in-case-of-ledger-data-breach-by-crypto-wallet-holders/