"Sued into Oblivion": Ledger Users Threaten Legal Action after Data Dump

Monday, 21/12/2020 | 08:02 GMT by Rachel McIntosh
  • An attacker that stole hundreds of thousands of customer data has recently dumped the information online.
"Sued into Oblivion": Ledger Users Threaten Legal Action after Data Dump
Finance Magnates

A number of Ledger users whose stolen data has been posted online are now threatening a class-action lawsuit, according to a growing number of tweets by the affected users.

“Hey @Ledger, why is my data in that dump, when you supposedly deleted my personal data, and also never notified me about my data leaking?,” wrote Twitter user @NoomDynamite in response to another Tweet describing the attack. “Prepare to be sued into oblivion before the EU courts for violation of the GDPR.”

Indeed, “if any lawyers want to start a class action suit, I’m sure many of us will jump on board,” wrote Twitter user @RyanOlah2 in response to Ledger’s official tweet about the data dump. A number of other users replied in agreement.

https://twitter.com/RyanOlah2/status/1340771949820166144

“This has just gotten 10,000x worse now,” @RyanOlah2 said, apparently referring to the original incident in June of this year when a hacker breached hardware wallet provider Ledger’s marketing database.

Ledger: "We Are Continuously Working with Law Enforcement to Prosecute Hackers."

According to a report by CoinTelegraph, data belonging to thousands of users was taken during the June breach, including 272,853 hardware wallet orders and over a million email addresses that were on the Ledger newsletter mailing list. The hardware wallet orders included mail addresses, physical addresses and phone numbers.

https://twitter.com/UnderTheBreach/status/1340728236528033797

Alon Gal, Co-founder and Chief Technical Officer at cybersecurity firm, Hudson Rock, wrote on Twitter that the leak “holds major risk to the people affected by it.”

And indeed, some hardware wallet holders have already been targeted by phishing scammers.

On Friday, another hardware wallet firm, Trezor, warned its users against phishing attacks that seem to be linked to the Ledger data dump. Finance Magnates previously reported that attackers appear to be using data obtained from the Ledger hack to blindly send texts to customers to attempt to trick them into giving up their wallet’s private keys.

Ledger says that it is attempting to prevent scammers from taking advantage of users whose data has been compromised: "We are continuously working with law enforcement to prosecute hackers and stop these scammers," the company wrote on Twitter. "We have taken down more than 170 phishing websites since the original breach."

"Saying Sorry, Frankly, Isn't Enough"

However, phishing attacks are not the only concern of users who may have been affected by the attack.

Alon Gal Tweeted that “individuals who purchased a Ledger tend to have high net worth in Cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments on a larger scale than experienced before.”

Indeed, high-net-worth crypto users could also be the subject of so-called 'rubber-hose attacks': physical violence or coercion that may force them to give the keys of their Bitcoin wallets to attackers who have gained access to their physical location (i.e. their home address.)

Twitter user @paul_smith2000 wrote that he was “concerned that people now have our addresses” in response to an update on the situation from Ledger.

“What's stopping them from knocking on our doors?!” he wrote. “Saying sorry, frankly, isn't enough!!”

A number of Ledger users whose stolen data has been posted online are now threatening a class-action lawsuit, according to a growing number of tweets by the affected users.

“Hey @Ledger, why is my data in that dump, when you supposedly deleted my personal data, and also never notified me about my data leaking?,” wrote Twitter user @NoomDynamite in response to another Tweet describing the attack. “Prepare to be sued into oblivion before the EU courts for violation of the GDPR.”

Indeed, “if any lawyers want to start a class action suit, I’m sure many of us will jump on board,” wrote Twitter user @RyanOlah2 in response to Ledger’s official tweet about the data dump. A number of other users replied in agreement.

https://twitter.com/RyanOlah2/status/1340771949820166144

“This has just gotten 10,000x worse now,” @RyanOlah2 said, apparently referring to the original incident in June of this year when a hacker breached hardware wallet provider Ledger’s marketing database.

Ledger: "We Are Continuously Working with Law Enforcement to Prosecute Hackers."

According to a report by CoinTelegraph, data belonging to thousands of users was taken during the June breach, including 272,853 hardware wallet orders and over a million email addresses that were on the Ledger newsletter mailing list. The hardware wallet orders included mail addresses, physical addresses and phone numbers.

https://twitter.com/UnderTheBreach/status/1340728236528033797

Alon Gal, Co-founder and Chief Technical Officer at cybersecurity firm, Hudson Rock, wrote on Twitter that the leak “holds major risk to the people affected by it.”

And indeed, some hardware wallet holders have already been targeted by phishing scammers.

On Friday, another hardware wallet firm, Trezor, warned its users against phishing attacks that seem to be linked to the Ledger data dump. Finance Magnates previously reported that attackers appear to be using data obtained from the Ledger hack to blindly send texts to customers to attempt to trick them into giving up their wallet’s private keys.

Ledger says that it is attempting to prevent scammers from taking advantage of users whose data has been compromised: "We are continuously working with law enforcement to prosecute hackers and stop these scammers," the company wrote on Twitter. "We have taken down more than 170 phishing websites since the original breach."

"Saying Sorry, Frankly, Isn't Enough"

However, phishing attacks are not the only concern of users who may have been affected by the attack.

Alon Gal Tweeted that “individuals who purchased a Ledger tend to have high net worth in Cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments on a larger scale than experienced before.”

Indeed, high-net-worth crypto users could also be the subject of so-called 'rubber-hose attacks': physical violence or coercion that may force them to give the keys of their Bitcoin wallets to attackers who have gained access to their physical location (i.e. their home address.)

Twitter user @paul_smith2000 wrote that he was “concerned that people now have our addresses” in response to an update on the situation from Ledger.

“What's stopping them from knocking on our doors?!” he wrote. “Saying sorry, frankly, isn't enough!!”

About the Author: Rachel McIntosh
Rachel McIntosh
  • 1509 Articles
  • 58 Followers
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.

More from the Author

CryptoCurrency