Ledger said customer details have been stolen in a data breach that may well have been exploited for over two months.
- In a note to clients Wednesday, CEO Pascal Gauthier said the French hardware wallet provider fell victim to a large-scale data breach from an unauthorized third party.
- The hacker, whose identity remains unknown, gained access to Ledger's e-commerce and marketing database.
- Customers affected include those who signed up for Ledger's newsletter or to receive promotional material.
- Information stolen included email addresses, with a smaller "subset" of 9,500 customers also having their full names, postal addresses and phone numbers exposed.
- In total, the company estimates around one million email addresses have been stolen.
- Payment information, passwords and cryptocurrency funds have not been affected.
- The data breach was first detected as part of a bug bounty program on July 14.
- Ledger estimates the data may have been accessed from April until the end of June.
- A Ledger spokesperson confirmed to CoinDesk the data breach has now been fixed.
- The wallet provider has now alerted the French authorities and is filing a complaint with the public prosecutor.
- Ledger said it has not found customer information disseminated online nor has it received any ransom demands.