Trezor and Ledger Facing Lawsuit Over Phishing Attempt and Massive Data Breach - Are They Safe?

Quick take:

• A group of Ledger users filed a class-action lawsuit against Shopify and Ledger.
• The lawsuit was a follow-up to a massive data breach in 2020.
• Trezor wallet team has launched a potential investigation that might have compromised customers’ email addresses and personal information.

Ledger customers have filed a class-action lawsuit following a 2020 data breach. The breach leaked information of over 1 million users. The lawsuit also links Shopify, which is said to have played a role in the violation.

Attackers apparently gained access to Ledger's online shop, where consumers buy hardware wallets, between April and June 2020. They could gain access to and steal personal information from over 270,000 people who had placed an order for a Ledger wallet. 

They also had access to data on over a million other people who had signed up for the company's newsletter.

The lawsuit states the failure of the two companies to exercise reasonable care in securing and safeguarding consumer information. The breach distributed the personal information of several users publicly. 

“Despite the repeated promises and worldwide advertising campaign touting unmatched security for its customers, Ledger—and its data processing vendors, Shopify and TaskUs—repeatedly and profoundly failed to protect its customers’ identities, causing targeted attacks on thousands of customers’ crypto-assets and causing Class members to receive far less security than they thought they had purchased with their Ledger Wallets.”

Trezor is looking into a massive data breach

Trezor, another cold wallet manufacturer, is in trouble as it has been linked to leaking customers' personal data. The team at Trezor reported a leak of customer personal data on the MailChimp platform. The platform is used for conducting newsletter services.

The users received a phishing mail from the scammers asking them to update their software.

Trezor representatives wrote, “MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”

Trezor halted its marketing mail until the problem was entirely resolved. Users were also warned of the same.