Ledger CEO Pascal Gauthier has issued a statement regarding the recent cyberattack that compromised the personal data of more than 270,000 customers. In a blog post published on the company’s website, Gauthier apologized for the breach and explained the steps that Ledger is taking to prevent such incidents in the future.
According to Gauthier, the attack was an “unfortunate incident” that exposed the vulnerability of Ledger’s e-commerce infrastructure. He said that the attackers exploited a third-party API key that was used to send order confirmations and shipping notifications to customers. The attackers were able to access the database that contained the names, email addresses, phone numbers and postal addresses of Ledger customers who purchased hardware wallets between June 2018 and July 2020.
The cyberattack was carried out by a hacker group called Raidforums, who claimed to have obtained the data from a third-party e-commerce service provider that Ledger used to process orders. The hacker group initially leaked a sample of the data in December 2020, and then released the full database on a public forum in January 2021. The data was also sold on the dark web for an undisclosed amount of money.
Tekedia Mini-MBA edition 16 (Feb 10 – May 3, 2025) opens registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
The consequences of the data breach are severe for both Ledger and its customers. Ledger has faced a backlash from its users, who have expressed their anger and frustration on social media and online forums. Some users have reported receiving phishing emails and text messages from scammers pretending to be Ledger, asking them to update their firmware or enter their recovery phrases. Others have reported being harassed or threatened by phone calls or physical mail from unknown individuals who have access to their personal information.
Ledger has apologized for the incident and taken some measures to mitigate the damage. The company has launched an internal investigation and hired a security firm to audit its systems. It has also notified the relevant authorities and cooperated with law enforcement agencies. Ledger has offered a free one-year subscription to a digital identity protection service for its affected customers. It has also advised its users to change their passwords, enable two-factor authentication, and beware of phishing attempts.
However, these actions may not be enough to restore the confidence and loyalty of Ledger’s customers, who have entrusted the company with their most valuable assets: their cryptocurrencies. Ledger’s hardware wallets are designed to protect users’ private keys from hackers, but the data breach has exposed them to other forms of attacks that could compromise their funds or identities. Moreover, Ledger’s competitors, such as Trezor and KeepKey, may seize this opportunity to attract new customers or lure away existing ones.
The cyberattack on Ledger is a wake-up call for the cryptocurrency industry, which has been plagued by numerous security incidents in the past. It shows that hardware wallets are not immune to hacking, and that users need to be vigilant about their personal data and online security.
It also shows that hardware wallet providers need to invest more in their cybersecurity infrastructure and customer service and adopt best practices to prevent future breaches. The future of cryptocurrency depends on the trust and satisfaction of its users, and that trust can only be earned by providing them with reliable and secure products and services.
Gauthier assured that no financial information, payment details or cryptocurrency funds were affected by the breach. He also said that Ledger has notified the relevant authorities and is working with law enforcement agencies to track down the perpetrators.
He added that Ledger has taken measures to enhance its security systems, such as revoking the compromised API key, encrypting customer data, auditing its code and infrastructure, and hiring external experts to conduct penetration tests.
Gauthier acknowledged that the breach has damaged the trust and reputation of Ledger, which prides itself on providing secure solutions for storing and managing digital assets. He said that Ledger is committed to restoring that trust and protecting its customers from phishing attempts and other malicious activities.
He urged customers to follow the best practices for securing their devices and accounts, such as using a strong password, enabling two-factor authentication, verifying the authenticity of emails and websites, and updating their firmware.
Gauthier concluded his statement by expressing his gratitude to the Ledger community for their support and understanding. He said that Ledger will continue to work hard to deliver high-quality products and services that meet the expectations of its customers. He also invited customers to contact Ledger’s customer support team if they have any questions or concerns regarding the breach or their security.