More than four years after a customer file at Ledger, the world leader in crypto-asset storage solutions, was hacked, the CNIL has ruled that the French company had not put in place adequate security measures to protect its private data.
According to our information, confirmed by the CNIL, the public body responsible for protecting online privacy has imposed an administrative fine of €750,000 for breaches of two articles of the General Data Protection Regulation (GDPR). The first concerns how long the data was kept, and the second how the security of that retained data was to be ensured.
When questioned, the company confirmed the sanction and reiterated that it was “firmly committed to implementing the strictest data protection and confidentiality measures, which are continually evaluated and improved”.
These proceedings originated in around fifty complaints lodged with the CNIL by several Ledger customers (residents of France and other EU countries), whose private data had found its way into the wild following two hacks.
The first occurred between May and June 2020, when two hackers recovered the file of around 290,000 customers via the Shopify e-commerce platform.
The leak concerned the names, telephone numbers, email addresses, as well as the physical addresses of customers who had ordered a product from Ledger's website. The two people responsible for the hack have been arrested, as The Big Whale revealed in March 2023.
It's important to point out that Ledger's crypto-asset storage technology has never been compromised. “Ledger products have never been exposed, as this incident only concerns the e-commerce business,” the company reaffirmed.
However, the posting of the file on hacker forums led to multiple scam attempts, some of which involved sending fake Ledger Nano devices through the post to steal cryptocurrencies from targeted individuals. “Data breaches expose data subjects to fraud attempts (phishing, identity theft),” commented a source close to the CNIL.
Ledger suffered a second hack in June 2020, this time affecting one million people, attributed to a flaw involving an API key. The hacker was not arrested.
Contacted, the company did not immediately respond to our questions.