Crypto-wallet Firm Ledger Reveals Major Security Breach
Leading crypto-wallet firm Ledger has made a shocking announcement regarding a significant security breach that has impacted its e-commerce and marketing database. The breach has resulted in the exposure of one million customer email addresses and the personal details of thousands of individuals.
Details of the Breach
Along with the compromised email addresses, the hacker managed to obtain the personally identifiable information (PII) of 9500 customers. This includes sensitive information such as first and last names, postal addresses, phone numbers, and details of ordered products. However, Ledger has assured customers that no financial information or passwords were accessed during the breach. Furthermore, the incident does not affect the security of customers’ hardware wallets or stored funds.
Response and Actions Taken
Upon discovering the breach, Ledger promptly notified the French data protection regulator CNIL on July 17th. The company also engaged the services of Orange Cyberdefense to assess the extent of the damage and bolster its internal security measures. Despite fixing the initial breach following a researcher’s report, Ledger found that it had been further exploited by an unauthorized third party on June 25, 2020.
In response to the incident, Ledger has committed to achieving ISO 27001 certification to enhance its security protocols and protect customer data in the future.
Expert Insights
Chris DeRamus, VP of technology at Rapid7’s Cloud Security Practice, expressed concerns about the breach impacting customer trust in the Ledger brand. He emphasized the importance of safeguarding sensitive information, including email addresses and cryptocurrency funds, from malicious actors.
To prevent similar incidents, DeRamus recommended implementing Identity Access Management (IAM) governance. This involves following the principle of least-privileged access to restrict unauthorized access to sensitive data and systems.
In conclusion, while Ledger has taken steps to address the security breach and mitigate its impact, the incident serves as a reminder of the ongoing threats faced by businesses in the digital age. Safeguarding customer data should be a top priority for companies operating in the crypto industry.