- Cryptocurrency security company Ledger has provided an update on the database breaches that exposed the personal information of its customers
- The company says it has adopted new policies to keep customer data for the shortest amount of time possible while staying compliant
- Ledger has also set up a 10 BTC bounty for information that would lead to the attacker(s) being arrested and prosecuted
- The security of Ledger’s products themselves was not compromised in the security breaches, but customers are now more likely to be targeted by phishing and other cyber attacks
Ledger provides update on customer information leaks, sets up 10 BTC bounty
Cryptocurrency security company Ledger has provided additional information regarding its response to the database breaches that exposed the personal information of thousands of its customers.
Ledger was notified in July 2020 that its e-commerce and marketing database was breached. The stolen information was dumped on a public forum in December, containing name, address and phone number information on approximately 272,000 Ledger customers and over 1 million email addresses belonging to customers.
In the update, Ledger says that Shopify notified the company on December 23 that Ledger was one of the affected companies in an incident from September 2020 in which rogue employees of Shopify’s customer support team obtained transactional records of over 200 merchants that are using Shopify’s services.
According to Ledger, the database from the Shopify incident is 93% similar to the data that was stolen in the previous attack. However, it does contain about 20,000 customer records with personal information that weren’t exposed previously.
The company says it has adopted to keep the personal data of its clients for the shortest amount of time possible while still remaining compliant with regulations. Ledger added that they will be keeping the personal information they’re required to keep in a segregated environment.
The security of Ledger’s cryptocurrency wallets themselves wasn’t compromised in the attacks. However, customers who have had their personal information exposed are now being targeted by cybercriminals at increased rates.
Commonly, the attacks come in the form of phishing – the attacker impersonates Ledger in an email and asks the user to provide the 24-word backup phrase that can be used to access their wallet. Phishing attacks targeted against Ledger users are also being attempted through fake websites that pose as the Ledger website. According to Ledger, it has already shut down 216 phishing websites with the help of Corsearch.
Ledger has also set up a 10 BTC ($395,000) bounty for information that would lead to the arrest and prosecution of the attacker(s) responsible for the security breach.
The company apologized to affected customers and said that it’s working on a technical solution that will provide additional security to the owners of its hardware wallets:
»We are deeply sorry that these incidents occurred and for any pain or stress they’ve caused our customers. Keeping you secure is Ledger’s mission and we take these incidents extremely seriously both personally and professionally. We will soon release a technical solution that will remove the 24 words as the single pillar of the security of our hardware wallets and will open the door to funds insurance for individual customers.«
Back link Ledger Provides Update on Security Breaches, Sets Up 10 BTC Bounty for Information on the Attacker(s) | CoinCodex https://cloudtokenplus.com https://cloudtokenplus.com