Ledger said customer details have been stolen in a data breach that may well have been exploited for over two months.
- In a note to clients Wednesday, CEO Pascal Gauthier said the French hardware wallet provider fell victim to a large-scale data breach from an unauthorized third party.
- The hacker, whose identity remains unknown, gained access to Ledger's e-commerce and marketing database.
- Customers affected include those who signed up for Ledger's newsletter or to receive promotional material.
- Information stolen included email addresses, with a smaller "subset" of 9,500 customers also having their full names, postal addresses and phone numbers exposed.
- In total, the company estimates around one million email addresses have been stolen.
- Payment information, passwords and cryptocurrency funds have not been affected.
- The data breach was first detected as part of a bug bounty program on July 14.
- Ledger estimates the data may have been accessed from April until the end of June.
- A Ledger spokesperson confirmed to CoinDesk the data breach has now been fixed.
- The wallet provider has now alerted the French authorities and is filing a complaint with the public prosecutor.
- Ledger said it has not found customer information disseminated online nor has it received any ransom demands.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.