Hardware wallet producer Ledger has been under heat for the breach of its database which led to the disclosure of over 270,000 of its customers’ data. After an investigation, the company has traced the possible culprit via Shopify, the e-commerce platform responsible for managing Ledger’s hardware wallet sales.
Following the discovery, the company has launched a bounty to fish out the Shopify employee(s) responsible for committing the act. According to reports, Ledger has placed a 10 BTC bounty for anyone who finds those responsible. This is the biggest data breach in the history of the company, revealing the names, emails, and postal addresses of those affected.
The Ledger database was first hacked in July 2020. The number of victims was underestimated as 9,500 at the time and probably the extent of the damage as well. It was in December 2020 that the real gravity of the situation was revealed when it was found that no fewer than 272,000 customers were affected. Shopify later informed Ledger of some of its employees accessing the transaction histories of some merchants, one of which was Ledger.
As part of actions to ensure there is no recurrence, Ledger announced it is reviewing how it handles data. This includes holding data for no longer than necessary, not displaying personal data in emails, moving needed data in a further segregated environment as soon as possible, and communicating more with customers directly through Ledger Live. The company will also henceforth delete all data with Shopify and move essential data to a safe location off the internet to prevent further access by hackers.
Ledger is one of the largest producers of hardware wallets, also known as cold wallets. The idea is to store cryptocurrencies offline to prevent issues of hacks such as this in order to minimize the loss of digital assets. The company has grown to become the most popular when it comes to hardware wallets.
The recent hack has however smeared its image and finding the hackers will be a good way to prove to its customers that it is committed to securing their data, thus the huge bounty. It is also working with various law enforcement bodies and blockchain analytics firm Chainalysis to make sure the criminals are unearthed.